CVE-2023-3978

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-3978

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-3978.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-3978

Aliases

Downstream

DEBIAN-CVE-2023-3978

RHSA-2023:5009

RHSA-2023:6474

RHSA-2023:6938

RHSA-2023:6939

RHSA-2024:0944

SUSE-SU-2024:4010-1

SUSE-SU-2024:4011-1

SUSE-SU-2024:4019-1

UBUNTU-CVE-2023-3978

openSUSE-SU-2024:14218-1

Related

Published

2023-08-02T20:15:12Z

Modified

2025-09-19T14:37:54.494936Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

References

Affected packages

Git / github.com/golang/net

Affected ranges

Type: GIT
Repo: https://github.com/golang/net
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

8ffa475fbdb33da97e8bf79cc5791ee8751fca5e

Affected versions

v0.*

v0.1.0

v0.10.0

v0.11.0

v0.12.0

v0.2.0

v0.3.0

v0.4.0

v0.5.0

v0.6.0

v0.7.0

v0.8.0

v0.9.0