Giters

aws / eks-distro-build-tooling

This repository contains tooling used to build the EKS Distro, and all the projects contained in https://github.com/aws/eks-distro.

Home Page:https://distro.eks.amazonaws.com/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318)

eks-distro-pr-bot opened this issue · comments

commented

The html/template package did not properly handle HMTL-like ""
comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may
cause the template parser to improperly interpret the contents of <script>
contexts, causing actions to be improperly escaped. This could be leveraged to
perform an XSS attack.

Thanks to Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.) for reporting this
issue.

This is CVE-2023-39318 and Go issue https://go.dev/issue/62196.

This is a PRIVATE issue for CVE-2023-39318, tracked in http://b/293889520 and fixed by http://tg/c/1976593.

/cc @golang/security and @golang/release