CVE-2023-3978

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-3978
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-3978.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-3978
Aliases
Downstream
Related
Published
2023-08-02T19:48:56.676Z
Modified
2026-05-18T05:56:42.242776757Z
Summary
Improper rendering of text nodes in golang.org/x/net/html
Details

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/3xxx/CVE-2023-3978.json",
    "cna_assigner": "Go",
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "fixed": "0.13.0"
                }
            ]
        }
    ]
}
References

Affected packages

Git / github.com/golang/net

Affected ranges

Type
GIT
Repo
https://github.com/golang/net
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
8ffa475fbdb33da97e8bf79cc5791ee8751fca5e
Database specific 
{
    "source": "CPE_FIELD",
    "cpe": "cpe:2.3:a:golang:networking:*:*:*:*:*:go:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.13.0"
        }
    ]
}

Affected versions

v0.*
v0.1.0
v0.10.0
v0.11.0
v0.12.0
v0.2.0
v0.3.0
v0.4.0
v0.5.0
v0.6.0
v0.7.0
v0.8.0
v0.9.0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-3978.json"