git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
go: Fix CVE-2023-39319
author Soumya Sambu <soumya.sambu@windriver.com>
Thu, 14 Sep 2023 16:33:48 +0000 (16:33 +0000)
committer Steve Sakoman <steve@sakoman.com>
Tue, 19 Sep 2023 14:14:00 +0000 (04:14 -1000)
commit afdc322ecff4cfd8478c89a03f7fce748a132b48
tree d42a5eaf94c6637a001a4394574792709ed5ac03
parent 26309ba6ef5b776d6bc45b984261b91e6c8c5a94
go: Fix CVE-2023-39319

The html/template package does not apply the proper rules for handling
occurrences of "<script", "<!--", and "</script" within JS literals in
<script> contexts. This may cause the template parser to improperly
consider script contexts to be terminated early, causing actions to be
improperly escaped. This could be leveraged to perform an XSS attack.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-39319

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-devtools/go/go-1.17.13.inc
meta/recipes-devtools/go/go-1.20/CVE-2023-39319.patch [new file with mode: 0644]
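
An added example, not part of this commit or of the Go patch it carries: a simplified scanner that lists the JS string literals inside a template's `<script>` blocks that contain the sequences named in the commit message, useful when reviewing templates built with a toolchain that predates the fix. `FindRiskyLiterals`, `hasFold`, `risky` and `sample` are names made up for this example, and the sample template is constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// risky matches the sequences named in the CVE-2023-39319 description.
var risky = regexp.MustCompile(`(?i)<!--|</?script`)

// hasFold reports whether s starts with p, ignoring case.
func hasFold(s, p string) bool { return len(s) >= len(p) && strings.EqualFold(s[:len(p)], p) }

// FindRiskyLiterals returns JS string literals inside <script> blocks that contain a
// risky sequence. Simplified: JS comments, regexps and {{...}} actions are not parsed.
func FindRiskyLiterals(src string) (found []string) {
	inScript := false
	for i := 0; i < len(src); i++ {
		switch c := src[i]; {
		case !inScript:
			if hasFold(src[i:], "<script") {
				if gt := strings.IndexByte(src[i:], '>'); gt >= 0 {
					inScript, i = true, i+gt // resume after the opening tag
				}
			}
		case hasFold(src[i:], "</script"):
			inScript = false
		case c == '"' || c == '\'' || c == '`':
			end := i + 1
			for end < len(src) && src[end] != c {
				if src[end] == '\\' && end+1 < len(src) {
					end++ // skip the escaped byte
				}
				end++
			}
			if lit := src[i+1 : end]; risky.MatchString(lit) {
				found = append(found, lit)
			}
			i = end // the loop increment steps past the closing quote
		}
	}
	return found
}

// sample is a constructed template source, not taken from the patch.
const sample = `<script>var a = "<!-- <script>";</script><script>var c = '<\/script>', d = "x</SCRIPT";</script>`

func main() { fmt.Println(FindRiskyLiterals(sample)) }
```

The literal written as `<\/script>` is not reported because the sequence `</script` does not appear in the source text.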