Vulnerability Name: | CVE-2023-29400 (CCN-255427) | ||||||||||||
Assigned: | 2023-05-05 | ||||||||||||
Published: | 2023-05-05 | ||||||||||||
Updated: | 2023-05-22 | ||||||||||||
Summary: | Golang Go is vulnerable to HTML injection. A remote attacker could inject malicious HTML code into the templates, which when parsed, would execute in the victim's Web browser within the security context of the hosting site. | ||||||||||||
CVSS v3 Severity: | 7.3 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) 6.4 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
| ||||||||||||
Vulnerability Consequences: | Data Manipulation | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2023-29400 Source: XF Type: UNKNOWN go-cve202329400-html-injection(255427) Source: CCN Type: Go GIT Repository html/template: improper handling of empty HTML attributes #59722 Source: CCN Type: Google Groups Web site [security] Go 1.20.4 and Go 1.19.9 are released Source: CCN Type: GO-2023-1753 Vulnerability Report Source: CCN Type: IBM Security Bulletin 7001859 (Db2 Rest) Multiple vulnerabilities in golang affect IBM Db2 REST Source: CCN Type: IBM Security Bulletin 7008449 (Db2 on Cloud Pak for Data) Multiple vulnerabilities affect IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data Source: CCN Type: IBM Security Bulletin 7011697 (Storage Protect Plus Container Agent) Vulnerabilities in Python, OpenSSH, Golang Go, Minio and Redis may affect IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift Source: CCN Type: IBM Security Bulletin 7012459 (Spectrum Copy Data Management) Vulnerabilities in Golang, Python, postgresql, cURL libcurl might affect IBM Spectrum Copy Data Management Source: CCN Type: IBM Security Bulletin 7014267 (Watson Discovery) IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by multiple vulnerabilities in Golang Go Source: CCN Type: IBM Security Bulletin 7014403 (Event Streams) IBM Event Streams is affected by multiple Golang Go vulnerabilities Source: CCN Type: IBM Security Bulletin 7015035 (Watson Speech Services Cartridge for Cloud Pak for Data) IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to HTML injection in Golang Go ( CVE-2023-29400) | ||||||||||||
Vulnerable Configuration: | Configuration CCN 1:![]() | ||||||||||||
Oval Definitions | |||||||||||||
| |||||||||||||
BACK |