CVE Vulnerabilities

CVE-2023-24539

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Published: May 11, 2023 | Modified: May 22, 2023
CVSS 3.x
7.3
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a / character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input.

Weakness

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

Affected Software

Name Vendor Start Version End Version
Go Golang 1.20.0 *
Go Golang * *

Potential Mitigations

References