CVE-2023-3978

MEDIUM6.1EPSS 0.10%

Improper rendering of text nodes in golang.org/x/net/html

發布日:2023/8/2修改日:2026/4/28

描述

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

受影響套件(3)

Debian/golang-golang-x-netfrom 0
Go/golang.org/x/netfrom 0, < 0.13.0
Go/golang.org/x/netfrom 0, < 0.13.0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

參考連結(5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-3978
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2023-3978
WEBhttps://go.dev/cl/514896
WEBhttps://go.dev/issue/61615
WEBhttps://pkg.go.dev/vuln/GO-2023-1988