CVE-2023-24540

Published: May 11, 2023

Modified: Jan 24, 2025

PUBLISHED

Description

Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.

Vendor	Product	Versions
Go standard library	html/template	affected `0 - < 1.19.9` affected `1.20.0-0 - < 1.20.4`

References

https://go.dev/issue/59721

https://go.dev/cl/491616

https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU

https://pkg.go.dev/vuln/GO-2023-1752

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-24540

Description

Affected Products

References