VulnerableCode Package Details - pkg:deb/debian/golang-1.20@1.20.7-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-2gh9-wc9r-aaak Aliases: CVE-2023-39319	The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack.	1.20.8-1 Affected by 0 other vulnerabilities. 1.20.11-1~bpo12+1 Affected by 0 other vulnerabilities. 1.20.12-1~bpo12+1 Affected by 0 other vulnerabilities. 1.20.14-2~bpo12+1 Affected by 0 other vulnerabilities.
VCID-6a5e-s2gp-aaae Aliases: CVE-2023-39318	The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack.	1.20.8-1 Affected by 0 other vulnerabilities. 1.20.11-1~bpo12+1 Affected by 0 other vulnerabilities. 1.20.12-1~bpo12+1 Affected by 0 other vulnerabilities. 1.20.14-2~bpo12+1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-2gh9-wc9r-aaak
Aliases:
CVE-2023-39319

The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack.

1.20.8-1
Affected by 0 other vulnerabilities.

1.20.11-1~bpo12+1
Affected by 0 other vulnerabilities.

1.20.12-1~bpo12+1
Affected by 0 other vulnerabilities.

1.20.14-2~bpo12+1
Affected by 0 other vulnerabilities.

VCID-6a5e-s2gp-aaae
Aliases:
CVE-2023-39318

The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack.