html/template: improper handling of JavaScript whitespace.
Not all valid JavaScript whitespace characters were considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | amazon-ssm-agent | 2023-10-12 15:48 | ALAS-2023-1866 |
Amazon Linux 2 - Core | amazon-ssm-agent | 2023-10-12 15:09 | ALAS2-2023-2303 |
Amazon Linux 2 - Docker Extra | containerd | 2023-08-17 17:04 | ALAS2DOCKER-2023-029 |
Amazon Linux 2 - Docker Extra | docker | 2023-10-18 16:53 | ALAS2DOCKER-2023-031 |
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra | containerd | 2023-08-03 19:42 | ALAS2NITRO-ENCLAVES-2023-026 |
Amazon Linux 1 | golang | 2023-06-05 16:39 | ALAS-2023-1760 |
Amazon Linux 1 | golang | 2023-09-27 22:15 | ALAS-2023-1848 |
Amazon Linux 2 - Core | golang | 2023-07-20 17:29 | ALAS2-2023-2163 |
Amazon Linux 2023 | golang | 2023-06-07 23:52 | ALAS2023-2023-209 |
Amazon Linux 2 - Ecs Extra | docker | 2023-10-31 00:17 | ALAS2ECS-2023-019 |
Amazon Linux 2 - Golang1.19 Extra | golang | 2023-08-07 05:59 | ALAS2GOLANG1.19-2023-001 |
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra | docker | 2023-10-18 16:51 | ALAS2NITRO-ENCLAVES-2023-030 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
NVD | CVSSv3 | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |