MSRC_CVE-2023-3978
Vulnerability from csaf_microsoft - Published: 2023-08-01 00:00 - Updated: 2025-03-13 00:00Summary
Improper rendering of text nodes in golang.org/x/net/html
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2023-3978 Improper rendering of text nodes in golang.org/x/net/html - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2023/msrc_cve-2023-3978.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Improper rendering of text nodes in golang.org/x/net/html",
"tracking": {
"current_release_date": "2025-03-13T00:00:00.000Z",
"generator": {
"date": "2025-10-20T00:37:53.044Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2023-3978",
"initial_release_date": "2023-08-01T00:00:00.000Z",
"revision_history": [
{
"date": "2023-08-08T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2024-01-18T00:00:00.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added packer to CBL-Mariner 2.0"
},
{
"date": "2024-06-30T07:00:00.000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Information published."
},
{
"date": "2024-07-10T00:00:00.000Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Information published."
},
{
"date": "2024-08-25T00:00:00.000Z",
"legacy_version": "1.4",
"number": "5",
"summary": "Information published."
},
{
"date": "2024-08-26T00:00:00.000Z",
"legacy_version": "1.5",
"number": "6",
"summary": "Information published."
},
{
"date": "2024-08-27T00:00:00.000Z",
"legacy_version": "1.6",
"number": "7",
"summary": "Information published."
},
{
"date": "2024-08-28T00:00:00.000Z",
"legacy_version": "1.7",
"number": "8",
"summary": "Information published."
},
{
"date": "2024-08-29T00:00:00.000Z",
"legacy_version": "1.8",
"number": "9",
"summary": "Information published."
},
{
"date": "2024-08-30T00:00:00.000Z",
"legacy_version": "1.9",
"number": "10",
"summary": "Information published."
},
{
"date": "2024-08-31T00:00:00.000Z",
"legacy_version": "2",
"number": "11",
"summary": "Information published."
},
{
"date": "2024-09-01T00:00:00.000Z",
"legacy_version": "2.1",
"number": "12",
"summary": "Information published."
},
{
"date": "2024-09-02T00:00:00.000Z",
"legacy_version": "2.2",
"number": "13",
"summary": "Information published."
},
{
"date": "2024-09-03T00:00:00.000Z",
"legacy_version": "2.3",
"number": "14",
"summary": "Information published."
},
{
"date": "2024-09-05T00:00:00.000Z",
"legacy_version": "2.4",
"number": "15",
"summary": "Information published."
},
{
"date": "2024-09-06T00:00:00.000Z",
"legacy_version": "2.5",
"number": "16",
"summary": "Information published."
},
{
"date": "2024-09-07T00:00:00.000Z",
"legacy_version": "2.6",
"number": "17",
"summary": "Information published."
},
{
"date": "2024-09-08T00:00:00.000Z",
"legacy_version": "2.7",
"number": "18",
"summary": "Information published."
},
{
"date": "2024-09-11T00:00:00.000Z",
"legacy_version": "2.8",
"number": "19",
"summary": "Information published."
},
{
"date": "2024-09-13T00:00:00.000Z",
"legacy_version": "2.9",
"number": "20",
"summary": "Information published."
},
{
"date": "2024-10-12T00:00:00.000Z",
"legacy_version": "3",
"number": "21",
"summary": "Information published."
},
{
"date": "2024-10-15T00:00:00.000Z",
"legacy_version": "3.1",
"number": "22",
"summary": "Added multus to Azure Linux 3.0\nAdded cert-manager to Azure Linux 3.0\nAdded prometheus-adapter to Azure Linux 3.0\nAdded vitess to Azure Linux 3.0\nAdded telegraf to Azure Linux 3.0\nAdded kubevirt to Azure Linux 3.0\nAdded cert-manager to CBL-Mariner 2.0\nAdded multus to CBL-Mariner 2.0\nAdded vitess to CBL-Mariner 2.0\nAdded packer to CBL-Mariner 2.0\nAdded telegraf to CBL-Mariner 2.0"
},
{
"date": "2024-11-01T00:00:00.000Z",
"legacy_version": "3.2",
"number": "23",
"summary": "Added cni-plugins to CBL-Mariner 2.0\nAdded cert-manager to CBL-Mariner 2.0\nAdded multus to CBL-Mariner 2.0\nAdded vitess to CBL-Mariner 2.0\nAdded packer to CBL-Mariner 2.0\nAdded telegraf to CBL-Mariner 2.0\nAdded multus to Azure Linux 3.0\nAdded cert-manager to Azure Linux 3.0\nAdded prometheus-adapter to Azure Linux 3.0\nAdded vitess to Azure Linux 3.0\nAdded telegraf to Azure Linux 3.0\nAdded kubevirt to Azure Linux 3.0"
},
{
"date": "2024-12-03T00:00:00.000Z",
"legacy_version": "3.3",
"number": "24",
"summary": "Added cert-manager to CBL-Mariner 2.0\nAdded multus to CBL-Mariner 2.0\nAdded cni-plugins to CBL-Mariner 2.0\nAdded vitess to CBL-Mariner 2.0\nAdded packer to CBL-Mariner 2.0\nAdded telegraf to CBL-Mariner 2.0\nAdded multus to Azure Linux 3.0\nAdded cert-manager to Azure Linux 3.0\nAdded prometheus-adapter to Azure Linux 3.0\nAdded vitess to Azure Linux 3.0\nAdded telegraf to Azure Linux 3.0\nAdded kubevirt to Azure Linux 3.0"
},
{
"date": "2025-02-11T00:00:00.000Z",
"legacy_version": "3.4",
"number": "25",
"summary": "Added application-gateway-kubernetes-ingress to Azure Linux 3.0\nAdded multus to Azure Linux 3.0\nAdded cert-manager to Azure Linux 3.0\nAdded prometheus-adapter to Azure Linux 3.0\nAdded vitess to Azure Linux 3.0\nAdded telegraf to Azure Linux 3.0\nAdded kubevirt to Azure Linux 3.0\nAdded cert-manager to CBL-Mariner 2.0\nAdded multus to CBL-Mariner 2.0\nAdded cni-plugins to CBL-Mariner 2.0\nAdded vitess to CBL-Mariner 2.0\nAdded packer to CBL-Mariner 2.0\nAdded telegraf to CBL-Mariner 2.0"
},
{
"date": "2025-02-16T00:00:00.000Z",
"legacy_version": "3.5",
"number": "26",
"summary": "Added kubevirt to CBL-Mariner 2.0\nAdded cert-manager to CBL-Mariner 2.0\nAdded multus to CBL-Mariner 2.0\nAdded cni-plugins to CBL-Mariner 2.0\nAdded vitess to CBL-Mariner 2.0\nAdded packer to CBL-Mariner 2.0\nAdded telegraf to CBL-Mariner 2.0\nAdded application-gateway-kubernetes-ingress to Azure Linux 3.0\nAdded multus to Azure Linux 3.0\nAdded cert-manager to Azure Linux 3.0\nAdded prometheus-adapter to Azure Linux 3.0\nAdded vitess to Azure Linux 3.0\nAdded telegraf to Azure Linux 3.0\nAdded kubevirt to Azure Linux 3.0"
},
{
"date": "2025-03-13T00:00:00.000Z",
"legacy_version": "3.6",
"number": "27",
"summary": "Added containerized-data-importer to Azure Linux 3.0\nAdded application-gateway-kubernetes-ingress to Azure Linux 3.0\nAdded multus to Azure Linux 3.0\nAdded cert-manager to Azure Linux 3.0\nAdded prometheus-adapter to Azure Linux 3.0\nAdded vitess to Azure Linux 3.0\nAdded telegraf to Azure Linux 3.0\nAdded kubevirt to Azure Linux 3.0\nAdded kubevirt to CBL-Mariner 2.0\nAdded cert-manager to CBL-Mariner 2.0\nAdded multus to CBL-Mariner 2.0\nAdded cni-plugins to CBL-Mariner 2.0\nAdded vitess to CBL-Mariner 2.0\nAdded packer to CBL-Mariner 2.0\nAdded telegraf to CBL-Mariner 2.0"
}
],
"status": "final",
"version": "27"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
},
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 packer 1.8.7-2",
"product": {
"name": "\u003ccbl2 packer 1.8.7-2",
"product_id": "5"
}
},
{
"category": "product_version",
"name": "cbl2 packer 1.8.7-2",
"product": {
"name": "cbl2 packer 1.8.7-2",
"product_id": "19928"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 packer 1.9.5-3",
"product": {
"name": "\u003ccbl2 packer 1.9.5-3",
"product_id": "18"
}
},
{
"category": "product_version",
"name": "cbl2 packer 1.9.5-3",
"product": {
"name": "cbl2 packer 1.9.5-3",
"product_id": "18130"
}
}
],
"category": "product_name",
"name": "packer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 application-gateway-kubernetes-ingress 1.7.2-3",
"product": {
"name": "\u003cazl3 application-gateway-kubernetes-ingress 1.7.2-3",
"product_id": "22"
}
},
{
"category": "product_version",
"name": "azl3 application-gateway-kubernetes-ingress 1.7.2-3",
"product": {
"name": "azl3 application-gateway-kubernetes-ingress 1.7.2-3",
"product_id": "17515"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 application-gateway-kubernetes-ingress 1.7.7-1",
"product": {
"name": "\u003cazl3 application-gateway-kubernetes-ingress 1.7.7-1",
"product_id": "21"
}
},
{
"category": "product_version",
"name": "azl3 application-gateway-kubernetes-ingress 1.7.7-1",
"product": {
"name": "azl3 application-gateway-kubernetes-ingress 1.7.7-1",
"product_id": "17587"
}
}
],
"category": "product_name",
"name": "application-gateway-kubernetes-ingress"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 containerized-data-importer 1.57.0-14",
"product": {
"name": "\u003cazl3 containerized-data-importer 1.57.0-14",
"product_id": "8"
}
},
{
"category": "product_version",
"name": "azl3 containerized-data-importer 1.57.0-14",
"product": {
"name": "azl3 containerized-data-importer 1.57.0-14",
"product_id": "19346"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 containerized-data-importer 1.57.0-12",
"product": {
"name": "\u003cazl3 containerized-data-importer 1.57.0-12",
"product_id": "10"
}
},
{
"category": "product_version",
"name": "azl3 containerized-data-importer 1.57.0-12",
"product": {
"name": "azl3 containerized-data-importer 1.57.0-12",
"product_id": "18190"
}
}
],
"category": "product_name",
"name": "containerized-data-importer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 kubevirt 0.59.0-14",
"product": {
"name": "\u003cazl3 kubevirt 0.59.0-14",
"product_id": "4"
}
},
{
"category": "product_version",
"name": "azl3 kubevirt 0.59.0-14",
"product": {
"name": "azl3 kubevirt 0.59.0-14",
"product_id": "19959"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 kubevirt 0.59.0-24",
"product": {
"name": "\u003ccbl2 kubevirt 0.59.0-24",
"product_id": "13"
}
},
{
"category": "product_version",
"name": "cbl2 kubevirt 0.59.0-24",
"product": {
"name": "cbl2 kubevirt 0.59.0-24",
"product_id": "18187"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 kubevirt 1.2.0-1",
"product": {
"name": "\u003cazl3 kubevirt 1.2.0-1",
"product_id": "11"
}
},
{
"category": "product_version",
"name": "azl3 kubevirt 1.2.0-1",
"product": {
"name": "azl3 kubevirt 1.2.0-1",
"product_id": "18189"
}
}
],
"category": "product_name",
"name": "kubevirt"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 prometheus-adapter 0.11.2-1",
"product": {
"name": "\u003cazl3 prometheus-adapter 0.11.2-1",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "azl3 prometheus-adapter 0.11.2-1",
"product": {
"name": "azl3 prometheus-adapter 0.11.2-1",
"product_id": "19966"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 prometheus-adapter 0.12.0-1",
"product": {
"name": "\u003cazl3 prometheus-adapter 0.12.0-1",
"product_id": "19"
}
},
{
"category": "product_version",
"name": "azl3 prometheus-adapter 0.12.0-1",
"product": {
"name": "azl3 prometheus-adapter 0.12.0-1",
"product_id": "17786"
}
}
],
"category": "product_name",
"name": "prometheus-adapter"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 telegraf 1.27.3-4",
"product": {
"name": "\u003cazl3 telegraf 1.27.3-4",
"product_id": "7"
}
},
{
"category": "product_version",
"name": "azl3 telegraf 1.27.3-4",
"product": {
"name": "azl3 telegraf 1.27.3-4",
"product_id": "19664"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 telegraf 1.27.4-1",
"product": {
"name": "\u003ccbl2 telegraf 1.27.4-1",
"product_id": "14"
}
},
{
"category": "product_version",
"name": "cbl2 telegraf 1.27.4-1",
"product": {
"name": "cbl2 telegraf 1.27.4-1",
"product_id": "18186"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 telegraf 1.29.4-1",
"product": {
"name": "\u003cazl3 telegraf 1.29.4-1",
"product_id": "17"
}
},
{
"category": "product_version",
"name": "azl3 telegraf 1.29.4-1",
"product": {
"name": "azl3 telegraf 1.29.4-1",
"product_id": "18164"
}
}
],
"category": "product_name",
"name": "telegraf"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 vitess 17.0.2-1",
"product": {
"name": "\u003cazl3 vitess 17.0.2-1",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "azl3 vitess 17.0.2-1",
"product": {
"name": "azl3 vitess 17.0.2-1",
"product_id": "19970"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 vitess 17.0.7-1",
"product": {
"name": "\u003ccbl2 vitess 17.0.7-1",
"product_id": "24"
}
},
{
"category": "product_version",
"name": "cbl2 vitess 17.0.7-1",
"product": {
"name": "cbl2 vitess 17.0.7-1",
"product_id": "17341"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 vitess 19.0.4-2",
"product": {
"name": "\u003cazl3 vitess 19.0.4-2",
"product_id": "25"
}
},
{
"category": "product_version",
"name": "azl3 vitess 19.0.4-2",
"product": {
"name": "azl3 vitess 19.0.4-2",
"product_id": "16898"
}
}
],
"category": "product_name",
"name": "vitess"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 multus 4.0.2-5",
"product": {
"name": "\u003ccbl2 multus 4.0.2-5",
"product_id": "16"
}
},
{
"category": "product_version",
"name": "cbl2 multus 4.0.2-5",
"product": {
"name": "cbl2 multus 4.0.2-5",
"product_id": "18184"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 multus 4.0.2-2",
"product": {
"name": "\u003cazl3 multus 4.0.2-2",
"product_id": "12"
}
},
{
"category": "product_version",
"name": "azl3 multus 4.0.2-2",
"product": {
"name": "azl3 multus 4.0.2-2",
"product_id": "18188"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 multus 4.0.2-5",
"product": {
"name": "\u003cazl3 multus 4.0.2-5",
"product_id": "9"
}
},
{
"category": "product_version",
"name": "azl3 multus 4.0.2-5",
"product": {
"name": "azl3 multus 4.0.2-5",
"product_id": "19345"
}
}
],
"category": "product_name",
"name": "multus"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 cni-plugins 1.3.0-6",
"product": {
"name": "\u003ccbl2 cni-plugins 1.3.0-6",
"product_id": "15"
}
},
{
"category": "product_version",
"name": "cbl2 cni-plugins 1.3.0-6",
"product": {
"name": "cbl2 cni-plugins 1.3.0-6",
"product_id": "18185"
}
}
],
"category": "product_name",
"name": "cni-plugins"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 cert-manager 1.11.2-14",
"product": {
"name": "\u003ccbl2 cert-manager 1.11.2-14",
"product_id": "23"
}
},
{
"category": "product_version",
"name": "cbl2 cert-manager 1.11.2-14",
"product": {
"name": "cbl2 cert-manager 1.11.2-14",
"product_id": "17402"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 cert-manager 1.12.12-1",
"product": {
"name": "\u003cazl3 cert-manager 1.12.12-1",
"product_id": "20"
}
},
{
"category": "product_version",
"name": "azl3 cert-manager 1.12.12-1",
"product": {
"name": "azl3 cert-manager 1.12.12-1",
"product_id": "17766"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 cert-manager 1.11.2-8",
"product": {
"name": "\u003cazl3 cert-manager 1.11.2-8",
"product_id": "6"
}
},
{
"category": "product_version",
"name": "azl3 cert-manager 1.11.2-8",
"product": {
"name": "azl3 cert-manager 1.11.2-8",
"product_id": "19863"
}
}
],
"category": "product_name",
"name": "cert-manager"
},
{
"category": "product_name",
"name": "azl3 cloud-provider-kubevirt 0.5.1-1",
"product": {
"name": "azl3 cloud-provider-kubevirt 0.5.1-1",
"product_id": "1"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 packer 1.8.7-2 as a component of CBL Mariner 2.0",
"product_id": "17086-5"
},
"product_reference": "5",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 packer 1.8.7-2 as a component of CBL Mariner 2.0",
"product_id": "19928-17086"
},
"product_reference": "19928",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 application-gateway-kubernetes-ingress 1.7.2-3 as a component of Azure Linux 3.0",
"product_id": "17084-22"
},
"product_reference": "22",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 application-gateway-kubernetes-ingress 1.7.2-3 as a component of Azure Linux 3.0",
"product_id": "17515-17084"
},
"product_reference": "17515",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 containerized-data-importer 1.57.0-14 as a component of Azure Linux 3.0",
"product_id": "17084-8"
},
"product_reference": "8",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 containerized-data-importer 1.57.0-14 as a component of Azure Linux 3.0",
"product_id": "19346-17084"
},
"product_reference": "19346",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 kubevirt 0.59.0-14 as a component of Azure Linux 3.0",
"product_id": "17084-4"
},
"product_reference": "4",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 kubevirt 0.59.0-14 as a component of Azure Linux 3.0",
"product_id": "19959-17084"
},
"product_reference": "19959",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 prometheus-adapter 0.11.2-1 as a component of Azure Linux 3.0",
"product_id": "17084-3"
},
"product_reference": "3",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 prometheus-adapter 0.11.2-1 as a component of Azure Linux 3.0",
"product_id": "19966-17084"
},
"product_reference": "19966",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 telegraf 1.27.3-4 as a component of Azure Linux 3.0",
"product_id": "17084-7"
},
"product_reference": "7",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 telegraf 1.27.3-4 as a component of Azure Linux 3.0",
"product_id": "19664-17084"
},
"product_reference": "19664",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 vitess 17.0.2-1 as a component of Azure Linux 3.0",
"product_id": "17084-2"
},
"product_reference": "2",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 vitess 17.0.2-1 as a component of Azure Linux 3.0",
"product_id": "19970-17084"
},
"product_reference": "19970",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 cloud-provider-kubevirt 0.5.1-1 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 packer 1.9.5-3 as a component of CBL Mariner 2.0",
"product_id": "17086-18"
},
"product_reference": "18",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 packer 1.9.5-3 as a component of CBL Mariner 2.0",
"product_id": "18130-17086"
},
"product_reference": "18130",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 multus 4.0.2-5 as a component of CBL Mariner 2.0",
"product_id": "17086-16"
},
"product_reference": "16",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 multus 4.0.2-5 as a component of CBL Mariner 2.0",
"product_id": "18184-17086"
},
"product_reference": "18184",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 cni-plugins 1.3.0-6 as a component of CBL Mariner 2.0",
"product_id": "17086-15"
},
"product_reference": "15",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 cni-plugins 1.3.0-6 as a component of CBL Mariner 2.0",
"product_id": "18185-17086"
},
"product_reference": "18185",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 telegraf 1.27.4-1 as a component of CBL Mariner 2.0",
"product_id": "17086-14"
},
"product_reference": "14",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 telegraf 1.27.4-1 as a component of CBL Mariner 2.0",
"product_id": "18186-17086"
},
"product_reference": "18186",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 vitess 17.0.7-1 as a component of CBL Mariner 2.0",
"product_id": "17086-24"
},
"product_reference": "24",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 vitess 17.0.7-1 as a component of CBL Mariner 2.0",
"product_id": "17341-17086"
},
"product_reference": "17341",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 kubevirt 0.59.0-24 as a component of CBL Mariner 2.0",
"product_id": "17086-13"
},
"product_reference": "13",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 kubevirt 0.59.0-24 as a component of CBL Mariner 2.0",
"product_id": "18187-17086"
},
"product_reference": "18187",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 cert-manager 1.11.2-14 as a component of CBL Mariner 2.0",
"product_id": "17086-23"
},
"product_reference": "23",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 cert-manager 1.11.2-14 as a component of CBL Mariner 2.0",
"product_id": "17402-17086"
},
"product_reference": "17402",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 multus 4.0.2-2 as a component of Azure Linux 3.0",
"product_id": "17084-12"
},
"product_reference": "12",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 multus 4.0.2-2 as a component of Azure Linux 3.0",
"product_id": "18188-17084"
},
"product_reference": "18188",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 vitess 19.0.4-2 as a component of Azure Linux 3.0",
"product_id": "17084-25"
},
"product_reference": "25",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 vitess 19.0.4-2 as a component of Azure Linux 3.0",
"product_id": "16898-17084"
},
"product_reference": "16898",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 telegraf 1.29.4-1 as a component of Azure Linux 3.0",
"product_id": "17084-17"
},
"product_reference": "17",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 telegraf 1.29.4-1 as a component of Azure Linux 3.0",
"product_id": "18164-17084"
},
"product_reference": "18164",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 prometheus-adapter 0.12.0-1 as a component of Azure Linux 3.0",
"product_id": "17084-19"
},
"product_reference": "19",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 prometheus-adapter 0.12.0-1 as a component of Azure Linux 3.0",
"product_id": "17786-17084"
},
"product_reference": "17786",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 kubevirt 1.2.0-1 as a component of Azure Linux 3.0",
"product_id": "17084-11"
},
"product_reference": "11",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 kubevirt 1.2.0-1 as a component of Azure Linux 3.0",
"product_id": "18189-17084"
},
"product_reference": "18189",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 containerized-data-importer 1.57.0-12 as a component of Azure Linux 3.0",
"product_id": "17084-10"
},
"product_reference": "10",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 containerized-data-importer 1.57.0-12 as a component of Azure Linux 3.0",
"product_id": "18190-17084"
},
"product_reference": "18190",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 cert-manager 1.12.12-1 as a component of Azure Linux 3.0",
"product_id": "17084-20"
},
"product_reference": "20",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 cert-manager 1.12.12-1 as a component of Azure Linux 3.0",
"product_id": "17766-17084"
},
"product_reference": "17766",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 application-gateway-kubernetes-ingress 1.7.7-1 as a component of Azure Linux 3.0",
"product_id": "17084-21"
},
"product_reference": "21",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 application-gateway-kubernetes-ingress 1.7.7-1 as a component of Azure Linux 3.0",
"product_id": "17587-17084"
},
"product_reference": "17587",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 cert-manager 1.11.2-8 as a component of Azure Linux 3.0",
"product_id": "17084-6"
},
"product_reference": "6",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 cert-manager 1.11.2-8 as a component of Azure Linux 3.0",
"product_id": "19863-17084"
},
"product_reference": "19863",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 multus 4.0.2-5 as a component of Azure Linux 3.0",
"product_id": "17084-9"
},
"product_reference": "9",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 multus 4.0.2-5 as a component of Azure Linux 3.0",
"product_id": "19345-17084"
},
"product_reference": "19345",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-3978",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"flags": [
{
"label": "component_not_present",
"product_ids": [
"17084-1"
]
}
],
"notes": [
{
"category": "general",
"text": "Go",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"19928-17086",
"17515-17084",
"19346-17084",
"19959-17084",
"19966-17084",
"19664-17084",
"19970-17084",
"18130-17086",
"18184-17086",
"18185-17086",
"18186-17086",
"17341-17086",
"18187-17086",
"17402-17086",
"18188-17084",
"16898-17084",
"18164-17084",
"17786-17084",
"18189-17084",
"18190-17084",
"17766-17084",
"17587-17084",
"19863-17084",
"19345-17084"
],
"known_affected": [
"17086-5",
"17084-22",
"17084-8",
"17084-4",
"17084-3",
"17084-7",
"17084-2",
"17086-18",
"17086-16",
"17086-15",
"17086-14",
"17086-24",
"17086-13",
"17086-23",
"17084-12",
"17084-25",
"17084-17",
"17084-19",
"17084-11",
"17084-10",
"17084-20",
"17084-21",
"17084-6",
"17084-9"
],
"known_not_affected": [
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-3978 Improper rendering of text nodes in golang.org/x/net/html - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2023/msrc_cve-2023-3978.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2023-08-08T00:00:00.000Z",
"details": "1.10.1-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-5"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-08-08T00:00:00.000Z",
"details": "1.7.7-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-22",
"17084-21"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-08-08T00:00:00.000Z",
"details": "1.57.0-12:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-8",
"17084-10"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-08-08T00:00:00.000Z",
"details": "1.2.0-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-4",
"17084-11"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-08-08T00:00:00.000Z",
"details": "0.12.0-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-3",
"17084-19"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-08-08T00:00:00.000Z",
"details": "1.29.4-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-7",
"17084-17"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-08-08T00:00:00.000Z",
"details": "19.0.4-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-2",
"17084-25"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-08-08T00:00:00.000Z",
"details": "1.9.5-3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-18"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-08-08T00:00:00.000Z",
"details": "4.0.2-5:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-16"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-08-08T00:00:00.000Z",
"details": "1.3.0-6:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-15"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-08-08T00:00:00.000Z",
"details": "1.27.4-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-14"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-08-08T00:00:00.000Z",
"details": "17.0.7-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-24"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-08-08T00:00:00.000Z",
"details": "0.59.0-24:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-13"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-08-08T00:00:00.000Z",
"details": "1.11.2-14:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-23"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-08-08T00:00:00.000Z",
"details": "4.0.2-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-12",
"17084-9"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-08-08T00:00:00.000Z",
"details": "1.12.12-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-20",
"17084-6"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalsScore": 0.0,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 6.1,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"17086-5",
"17084-22",
"17084-8",
"17084-4",
"17084-3",
"17084-7",
"17084-2",
"17086-18",
"17086-16",
"17086-15",
"17086-14",
"17086-24",
"17086-13",
"17086-23",
"17084-12",
"17084-25",
"17084-17",
"17084-19",
"17084-11",
"17084-10",
"17084-20",
"17084-21",
"17084-6",
"17084-9"
]
}
],
"title": "Improper rendering of text nodes in golang.org/x/net/html"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…