UBUNTU-CVE-2023-24540
See a problem?- Source
- https://ubuntu.com/security/notices/UBUNTU-CVE-2023-24540
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-24540.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-24540
- Related
- Published
- 2023-05-11T16:15:00Z
- Modified
- 2023-05-11T16:15:00Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.
- References
-
- https://ubuntu.com/security/CVE-2023-24540
- https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
- https://github.com/golang/go/issues/59721
- https://github.com/golang/go/commit/ce7bd33345416e6d8cac901792060591cafc2797
- https://github.com/golang/go/commit/4a28cad66655ee01c6e944271e23c33cab021765
- https://ubuntu.com/security/notices/USN-6140-1
- https://www.cve.org/CVERecord?id=CVE-2023-24540
Affected packages
Ubuntu:20.04:LTS / golang-1.20
Package
- Name
- golang-1.20
- Purl
- pkg:deb/ubuntu/golang-1.20@1.20.3-1ubuntu0.1~20.04?arch=src?distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.20.3-1ubuntu0.1~20.04
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"golang-1.20-src": "1.20.3-1ubuntu0.1~20.04",
"golang-1.20": "1.20.3-1ubuntu0.1~20.04",
"golang-1.20-doc": "1.20.3-1ubuntu0.1~20.04",
"golang-1.20-go": "1.20.3-1ubuntu0.1~20.04",
"golang-1.20-go-dbgsym": "1.20.3-1ubuntu0.1~20.04"
}
]
}
Ubuntu:22.04:LTS / golang-1.20
Package
- Name
- golang-1.20
- Purl
- pkg:deb/ubuntu/golang-1.20@1.20.3-1ubuntu0.1~22.04?arch=src?distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.20.3-1ubuntu0.1~22.04
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"golang-1.20-src": "1.20.3-1ubuntu0.1~22.04",
"golang-1.20": "1.20.3-1ubuntu0.1~22.04",
"golang-1.20-doc": "1.20.3-1ubuntu0.1~22.04",
"golang-1.20-go": "1.20.3-1ubuntu0.1~22.04",
"golang-1.20-go-dbgsym": "1.20.3-1ubuntu0.1~22.04"
}
]
}