CVE-2023-24540

Summary

Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.

Affected Software

VendorProductVersion RangeStatus
Go standard libraryhtml/template0 < 1.19.9affected
Go standard libraryhtml/template1.20.0-0 < 1.20.4affected

Weaknesses

  • CWE-74: Improper input validation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References