The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "golang-1.20-src": "1.20.3-1ubuntu0.1~20.04.1", "golang-1.20": "1.20.3-1ubuntu0.1~20.04.1", "golang-1.20-doc": "1.20.3-1ubuntu0.1~20.04.1", "golang-1.20-go": "1.20.3-1ubuntu0.1~20.04.1", "golang-1.20-go-dbgsym": "1.20.3-1ubuntu0.1~20.04.1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "golang-1.20-src": "1.20.3-1ubuntu0.1~22.04.1", "golang-1.20": "1.20.3-1ubuntu0.1~22.04.1", "golang-1.20-doc": "1.20.3-1ubuntu0.1~22.04.1", "golang-1.20-go": "1.20.3-1ubuntu0.1~22.04.1", "golang-1.20-go-dbgsym": "1.20.3-1ubuntu0.1~22.04.1" } ] }