Vulnerability details: VCID-cnf3-jr8w-aaag
Vulnerability ID VCID-cnf3-jr8w-aaag
Aliases CVE-2023-24540
Summary Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.
Status Published
Exploitability 0.5
Weighted Severity 8.8
Risk 4.4
System Score Found at
cvssv3 8.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24540.json
epss 0.00192 https://api.first.org/data/v1/epss?cve=CVE-2023-24540
epss 0.00243 https://api.first.org/data/v1/epss?cve=CVE-2023-24540
epss 0.00246 https://api.first.org/data/v1/epss?cve=CVE-2023-24540
epss 0.0025 https://api.first.org/data/v1/epss?cve=CVE-2023-24540
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2023-24540
epss 0.00276 https://api.first.org/data/v1/epss?cve=CVE-2023-24540
epss 0.02993 https://api.first.org/data/v1/epss?cve=CVE-2023-24540
epss 0.1233 https://api.first.org/data/v1/epss?cve=CVE-2023-24540
cvssv3.1 5.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2023-24540
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2023-24540
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24540.json
https://api.first.org/data/v1/epss?cve=CVE-2023-24540
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://go.dev/cl/491616
https://go.dev/issue/59721
https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
https://pkg.go.dev/vuln/GO-2023-1752
https://security.netapp.com/advisory/ntap-20241115-0008/
2196027 https://bugzilla.redhat.com/show_bug.cgi?id=2196027
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
CVE-2023-24540 https://nvd.nist.gov/vuln/detail/CVE-2023-24540
GLSA-202408-07 https://security.gentoo.org/glsa/202408-07
RHSA-2023:3318 https://access.redhat.com/errata/RHSA-2023:3318
RHSA-2023:3319 https://access.redhat.com/errata/RHSA-2023:3319
RHSA-2023:3323 https://access.redhat.com/errata/RHSA-2023:3323
RHSA-2023:3366 https://access.redhat.com/errata/RHSA-2023:3366
RHSA-2023:3367 https://access.redhat.com/errata/RHSA-2023:3367
RHSA-2023:3379 https://access.redhat.com/errata/RHSA-2023:3379
RHSA-2023:3409 https://access.redhat.com/errata/RHSA-2023:3409
RHSA-2023:3410 https://access.redhat.com/errata/RHSA-2023:3410
RHSA-2023:3415 https://access.redhat.com/errata/RHSA-2023:3415
RHSA-2023:3435 https://access.redhat.com/errata/RHSA-2023:3435
RHSA-2023:3445 https://access.redhat.com/errata/RHSA-2023:3445
RHSA-2023:3545 https://access.redhat.com/errata/RHSA-2023:3545
RHSA-2023:3612 https://access.redhat.com/errata/RHSA-2023:3612
RHSA-2023:3624 https://access.redhat.com/errata/RHSA-2023:3624
RHSA-2023:3644 https://access.redhat.com/errata/RHSA-2023:3644
RHSA-2023:3905 https://access.redhat.com/errata/RHSA-2023:3905
RHSA-2023:3910 https://access.redhat.com/errata/RHSA-2023:3910
RHSA-2023:3911 https://access.redhat.com/errata/RHSA-2023:3911
RHSA-2023:3914 https://access.redhat.com/errata/RHSA-2023:3914
RHSA-2023:3915 https://access.redhat.com/errata/RHSA-2023:3915
RHSA-2023:3918 https://access.redhat.com/errata/RHSA-2023:3918
RHSA-2023:4289 https://access.redhat.com/errata/RHSA-2023:4289
RHSA-2023:4335 https://access.redhat.com/errata/RHSA-2023:4335
RHSA-2023:4420 https://access.redhat.com/errata/RHSA-2023:4420
RHSA-2023:4421 https://access.redhat.com/errata/RHSA-2023:4421
RHSA-2023:4470 https://access.redhat.com/errata/RHSA-2023:4470
RHSA-2023:4627 https://access.redhat.com/errata/RHSA-2023:4627
RHSA-2023:4664 https://access.redhat.com/errata/RHSA-2023:4664
RHSA-2023:5376 https://access.redhat.com/errata/RHSA-2023:5376
RHSA-2023:5421 https://access.redhat.com/errata/RHSA-2023:5421
RHSA-2023:5442 https://access.redhat.com/errata/RHSA-2023:5442
RHSA-2023:5947 https://access.redhat.com/errata/RHSA-2023:5947
RHSA-2023:6346 https://access.redhat.com/errata/RHSA-2023:6346
RHSA-2023:6363 https://access.redhat.com/errata/RHSA-2023:6363
RHSA-2023:6402 https://access.redhat.com/errata/RHSA-2023:6402
RHSA-2023:6473 https://access.redhat.com/errata/RHSA-2023:6473
RHSA-2023:6474 https://access.redhat.com/errata/RHSA-2023:6474
RHSA-2023:6938 https://access.redhat.com/errata/RHSA-2023:6938
RHSA-2023:6939 https://access.redhat.com/errata/RHSA-2023:6939
RHSA-2024:2944 https://access.redhat.com/errata/RHSA-2024:2944
RHSA-2024:4119 https://access.redhat.com/errata/RHSA-2024:4119
USN-6140-1 https://usn.ubuntu.com/6140-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24540.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-24540
Exploit Prediction Scoring System (EPSS)
Percentile 0.56708
EPSS Score 0.00192
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.