Giters

aws / eks-distro-build-tooling

This repository contains tooling used to build the EKS Distro, and all the projects contained in https://github.com/aws/eks-distro.

Home Page:https://distro.eks.amazonaws.com/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

html/template: improper handling of special tags within script contexts (CVE-2023-39319)

eks-distro-pr-bot opened this issue · comments

commented

The html/template package did not apply the proper rules for handling occurances
of "<script", "<!--", and "</script" within JS literals in <script> contexts.
This may cause the template parser to improperly consider script contexts to be
terminated early, causing actions to be improperly escaped. This could be
leveraged to perform an XSS attack.

Thanks to Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.) for reporting this
issue.

This is CVE-2023-39319 and Go issue https://go.dev/issue/62197.

This is a PRIVATE issue for CVE-2023-39319, tracked in http://b/293889520 and fixed by http://tg/c/1976594.

/cc @golang/security and @golang/release