github - ghsa-c9hr-fvm9-7c49

ghsa-c9hr-fvm9-7c49

Vulnerability from github

Published

2023-05-11 18:30

Modified

2024-04-04 04:02

Severity

7.3 (High) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-29400"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-74"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-11T16:15:09Z",
    "severity": "HIGH"
  },
  "details": "Templates containing actions in unquoted HTML attributes (e.g. \"attr={{.}}\") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.",
  "id": "GHSA-c9hr-fvm9-7c49",
  "modified": "2024-04-04T04:02:38Z",
  "published": "2023-05-11T18:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29400"
    },
    {
      "type": "WEB",
      "url": "https://go.dev/cl/491617"
    },
    {
      "type": "WEB",
      "url": "https://go.dev/issue/59722"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2023-1753"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

cve-2023-29400

Vulnerability from cvelistv5

Published

2023-05-11 15:29

Modified

2024-08-02 14:07

Severity

Summary

Improper handling of empty HTML attributes in html/template

References

URL	Tags
https://go.dev/issue/59722
https://go.dev/cl/491617
https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
https://pkg.go.dev/vuln/GO-2023-1753

Impacted products

Vendor	Product
Go standard library	html/template

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:07:45.653Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/59722"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/491617"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2023-1753"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "html/template",
          "product": "html/template",
          "programRoutines": [
            {
              "name": "appendCmd"
            },
            {
              "name": "htmlNospaceEscaper"
            },
            {
              "name": "Template.Execute"
            },
            {
              "name": "Template.ExecuteTemplate"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.19.9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.20.4",
              "status": "affected",
              "version": "1.20.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Juho Nurminen of Mattermost"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Templates containing actions in unquoted HTML attributes (e.g. \"attr={{.}}\") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-74: Improper input validation",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T19:08:27.799Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/issue/59722"
        },
        {
          "url": "https://go.dev/cl/491617"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2023-1753"
        }
      ],
      "title": "Improper handling of empty HTML attributes in html/template"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2023-29400",
    "datePublished": "2023-05-11T15:29:24.874Z",
    "dateReserved": "2023-04-05T19:36:35.042Z",
    "dateUpdated": "2024-08-02T14:07:45.653Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.