CVE-2023-24540

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-24540

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-24540.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-24540

Aliases

Downstream

AZL-26626

AZL-37428

AZL-37517

AZL-79082

BELL-CVE-2023-24540

DEBIAN-CVE-2023-24540

MGASA-2023-0169

OESA-2023-1294

RHSA-2023:3318

RHSA-2023:3319

RHSA-2023:3323

RHSA-2023:3366

RHSA-2023:3409

RHSA-2023:3445

RHSA-2023:3545

RHSA-2023:3612

RHSA-2023:3910

RHSA-2023:3914

RHSA-2023:4420

RHSA-2023:4470

RHSA-2023:6346

RHSA-2023:6363

RHSA-2023:6402

RHSA-2023:6473

RHSA-2023:6474

RHSA-2023:6938

RHSA-2023:6939

RLSA-2023:3319

RLSA-2023:6938

RLSA-2023:6939

SUSE-SU-2023:2105-1

SUSE-SU-2023:2105-2

SUSE-SU-2023:2127-1

UBUNTU-CVE-2023-24540

openSUSE-SU-2024:12907-1

openSUSE-SU-2024:12908-1

Related

Published

2023-05-11T15:29:31.947Z

Modified

2026-05-15T04:06:27.472750386Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Improper handling of JavaScript whitespace in html/template

Details

Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.

Database specific

{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "fixed": "1.19.9"
                },
                {
                    "introduced": "1.20.0-0"
                },
                {
                    "fixed": "1.20.4"
                }
            ]
        }
    ],
    "cna_assigner": "Go",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/24xxx/CVE-2023-24540.json"
}

References

Affected packages