html/template: improper handling of empty HTML attributes.
Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}"), when executed with empty input, could produce output that is parsed in unexpected ways because of HTML normalization rules. This may allow injection of arbitrary attributes into tags.
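The following Go audit helper is an added example, not part of the advisory or of the Go project's code: it flags template actions used as unquoted attribute values (the "attr={{.}}" pattern described above) so that the values can be quoted. The names `FindUnquotedAttrActions` and `Finding` and the sample template are assumptions made for illustration, and the tag scanner is deliberately simplified.

```go
package main

import (
	"fmt"
	"strings"
)

// Finding is a template action that sits in an unquoted attribute value.
type Finding struct{ Line int; Action string }

// FindUnquotedAttrActions uses a simplified tag scanner (assumption: no
// special handling of comments, <script> or <style> bodies).
func FindUnquotedAttrActions(src string) []Finding {
	const text, tag, afterEq, unquoted, quoted = 0, 1, 2, 3, 4 // scanner states
	var out []Finding
	state, quote := text, byte(0)
	for i := 0; i < len(src); i++ {
		if strings.HasPrefix(src[i:], "{{") {
			end := strings.Index(src[i:], "}}")
			if end < 0 {
				break // unterminated action; the template would not parse
			}
			if state == afterEq || state == unquoted {
				line := strings.Count(src[:i], "\n") + 1
				out = append(out, Finding{line, src[i : i+end+2]})
				state = unquoted
			}
			i += end + 1 // skip the action body; it may contain quotes or '>'
			continue
		}
		c, ws := src[i], strings.IndexByte(" \t\r\n", src[i]) >= 0
		switch {
		case state == text && c == '<', state == quoted && c == quote: state = tag
		case state == text || state == quoted: // no tag syntax to track here
		case c == '>': state = text
		case state == tag && c == '=': state = afterEq
		case state == afterEq && (c == '"' || c == '\''): state, quote = quoted, c
		case state == afterEq && !ws: state = unquoted
		case state == unquoted && ws: state = tag
		}
	}
	return out
}

func main() {
	sample := "<img alt={{.Alt}} src=\"{{.Src}}\">\n<a href={{.URL}}>x</a>" // constructed
	for _, f := range FindUnquotedAttrActions(sample) {
		fmt.Printf("line %d: quote the attribute value holding %s\n", f.Line, f.Action)
	}
}
```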
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 2 - Docker Extra | containerd | 2023-08-17 17:04 | ALAS2DOCKER-2023-029 |
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra | containerd | 2023-08-03 19:42 | ALAS2NITRO-ENCLAVES-2023-026 |
Amazon Linux 1 | golang | 2023-06-05 16:39 | ALAS-2023-1760 |
Amazon Linux 1 | golang | 2023-09-27 22:15 | ALAS-2023-1848 |
Amazon Linux 2 - Core | golang | 2023-07-20 17:29 | ALAS2-2023-2163 |
Amazon Linux 2 - Golang1.19 Extra | golang | 2023-08-07 05:59 | ALAS2GOLANG1.19-2023-001 |
Amazon Linux 2023 | golang | 2023-07-19 21:24 | ALAS2023-2023-269 |
Amazon Linux 2023 | golang | 2023-06-07 23:52 | ALAS2023-2023-209 |
Source | Score Type | Score | Vector |
---|---|---|---|
Amazon Linux | CVSSv3 | 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
NVD | CVSSv3 | 7.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |