GHSA-2wrh-6pvc-2jm9

Suggest an improvement
Source
https://github.com/advisories/GHSA-2wrh-6pvc-2jm9
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/08/GHSA-2wrh-6pvc-2jm9/GHSA-2wrh-6pvc-2jm9.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-2wrh-6pvc-2jm9
Aliases
Related
Published
2023-08-02T21:30:20Z
Modified
2024-10-15T05:56:55.897164Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
Improper rendering of text nodes in golang.org/x/net/html
Details

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

References

Affected packages

Go / golang.org/x/net

Package

Name
golang.org/x/net
View open source insights on deps.dev
Purl
pkg:golang/golang.org/x/net

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.13.0