CVE-2023-3978

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-3978

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-3978.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-3978

Aliases

Downstream

AZL-27810

AZL-27813

AZL-27818

AZL-27831

AZL-31690

AZL-31858

AZL-33331

AZL-34542

AZL-34582

AZL-34624

AZL-34907

AZL-35120

AZL-35299

AZL-35348

AZL-42867

AZL-43555

AZL-44055

DEBIAN-CVE-2023-3978

ECHO-a770-e404-6acd

RHSA-2023:5009

RHSA-2023:6474

RHSA-2023:6938

RHSA-2023:6939

RHSA-2024:0944

RLSA-2023:6938

RLSA-2023:6939

SUSE-SU-2024:4010-1

SUSE-SU-2024:4011-1

SUSE-SU-2024:4019-1

UBUNTU-CVE-2023-3978

USN-8089-1

USN-8089-2

USN-8089-3

openSUSE-SU-2024:14218-1

Related

Published

2023-08-02T19:48:56.676Z

Modified

2026-05-15T04:07:10.019445767Z

Summary

Improper rendering of text nodes in golang.org/x/net/html

Details

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

Database specific

{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "fixed": "0.13.0"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/3xxx/CVE-2023-3978.json",
    "cna_assigner": "Go"
}

References

Affected packages