Vulnerability details: VCID-7wck-mgyr-aaap
Vulnerability ID VCID-7wck-mgyr-aaap
Aliases CVE-2023-29400
Summary Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.
Status Published
Exploitability 0.5
Weighted Severity 6.6
Risk 3.3
Affected and Fixed Packages Package Details
Weaknesses (2)
System Score Found at
cvssv3 7.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29400.json
epss 0.00048 https://api.first.org/data/v1/epss?cve=CVE-2023-29400
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2023-29400
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2023-29400
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2023-29400
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2023-29400
epss 0.00148 https://api.first.org/data/v1/epss?cve=CVE-2023-29400
epss 0.00902 https://api.first.org/data/v1/epss?cve=CVE-2023-29400
epss 0.03013 https://api.first.org/data/v1/epss?cve=CVE-2023-29400
cvssv3.1 7.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.3 https://go.dev/cl/491617
ssvc Track https://go.dev/cl/491617
cvssv3.1 7.3 https://go.dev/issue/59722
ssvc Track https://go.dev/issue/59722
ssvc Track https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
cvssv3 7.3 https://nvd.nist.gov/vuln/detail/CVE-2023-29400
cvssv3.1 7.3 https://nvd.nist.gov/vuln/detail/CVE-2023-29400
cvssv3.1 7.3 https://pkg.go.dev/vuln/GO-2023-1753
ssvc Track https://pkg.go.dev/vuln/GO-2023-1753
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29400.json
https://api.first.org/data/v1/epss?cve=CVE-2023-29400
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://go.dev/cl/491617
https://go.dev/issue/59722
https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
https://pkg.go.dev/vuln/GO-2023-1753
https://security.netapp.com/advisory/ntap-20241213-0005/
2196029 https://bugzilla.redhat.com/show_bug.cgi?id=2196029
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
CVE-2023-29400 https://nvd.nist.gov/vuln/detail/CVE-2023-29400
GLSA-202408-07 https://security.gentoo.org/glsa/202408-07
RHSA-2023:3318 https://access.redhat.com/errata/RHSA-2023:3318
RHSA-2023:3319 https://access.redhat.com/errata/RHSA-2023:3319
RHSA-2023:3323 https://access.redhat.com/errata/RHSA-2023:3323
RHSA-2023:3366 https://access.redhat.com/errata/RHSA-2023:3366
RHSA-2023:3367 https://access.redhat.com/errata/RHSA-2023:3367
RHSA-2023:3415 https://access.redhat.com/errata/RHSA-2023:3415
RHSA-2023:3435 https://access.redhat.com/errata/RHSA-2023:3435
RHSA-2023:3445 https://access.redhat.com/errata/RHSA-2023:3445
RHSA-2023:3540 https://access.redhat.com/errata/RHSA-2023:3540
RHSA-2023:3905 https://access.redhat.com/errata/RHSA-2023:3905
RHSA-2023:3918 https://access.redhat.com/errata/RHSA-2023:3918
RHSA-2023:4003 https://access.redhat.com/errata/RHSA-2023:4003
RHSA-2023:4093 https://access.redhat.com/errata/RHSA-2023:4093
RHSA-2023:4293 https://access.redhat.com/errata/RHSA-2023:4293
RHSA-2023:4335 https://access.redhat.com/errata/RHSA-2023:4335
RHSA-2023:4459 https://access.redhat.com/errata/RHSA-2023:4459
RHSA-2023:4470 https://access.redhat.com/errata/RHSA-2023:4470
RHSA-2023:4472 https://access.redhat.com/errata/RHSA-2023:4472
RHSA-2023:4627 https://access.redhat.com/errata/RHSA-2023:4627
RHSA-2023:4657 https://access.redhat.com/errata/RHSA-2023:4657
RHSA-2023:4664 https://access.redhat.com/errata/RHSA-2023:4664
RHSA-2023:5421 https://access.redhat.com/errata/RHSA-2023:5421
RHSA-2023:5442 https://access.redhat.com/errata/RHSA-2023:5442
RHSA-2023:5947 https://access.redhat.com/errata/RHSA-2023:5947
RHSA-2023:6346 https://access.redhat.com/errata/RHSA-2023:6346
RHSA-2023:6363 https://access.redhat.com/errata/RHSA-2023:6363
RHSA-2023:6402 https://access.redhat.com/errata/RHSA-2023:6402
RHSA-2023:6473 https://access.redhat.com/errata/RHSA-2023:6473
RHSA-2023:6474 https://access.redhat.com/errata/RHSA-2023:6474
RHSA-2023:6832 https://access.redhat.com/errata/RHSA-2023:6832
RHSA-2023:6938 https://access.redhat.com/errata/RHSA-2023:6938
RHSA-2023:6939 https://access.redhat.com/errata/RHSA-2023:6939
RHSA-2024:2944 https://access.redhat.com/errata/RHSA-2024:2944
USN-6140-1 https://usn.ubuntu.com/6140-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29400.json

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://go.dev/cl/491617

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-24T16:46:30Z/ Found at https://go.dev/cl/491617

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://go.dev/issue/59722

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-24T16:46:30Z/ Found at https://go.dev/issue/59722


Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-24T16:46:30Z/ Found at https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2023-29400

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://pkg.go.dev/vuln/GO-2023-1753

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-24T16:46:30Z/ Found at https://pkg.go.dev/vuln/GO-2023-1753
Exploit Prediction Scoring System (EPSS)
Percentile 0.14787
EPSS Score 0.00048
Published At April 19, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.