Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.
| Platform | Package | Release Date | Advisory |
|---|---|---|---|
| Amazon Linux 2 - Core | amazon-ssm-agent | 2023-10-12 15:09 | ALAS2-2023-2303 |
| Amazon Linux 2023 | amazon-ssm-agent | 2023-09-27 21:07 | ALAS2023-2023-373 |
| Amazon Linux 2 - Docker Extra | containerd | 2024-02-01 20:10 | ALAS2DOCKER-2024-037 |
| Amazon Linux 2 - Ecs Extra | containerd | 2024-03-04 06:33 | ALAS2ECS-2024-035 |
| Amazon Linux 2 - Aws-nitro-enclaves-cli Extra | containerd | 2024-02-01 20:10 | ALAS2NITRO-ENCLAVES-2024-037 |
| Amazon Linux 2 - Core | cri-tools | 2024-02-01 19:57 | ALAS2-2024-2446 |
| Amazon Linux 2 - Ecs Extra | ecs-init | 2024-01-03 23:00 | ALAS2ECS-2024-031 |
| Amazon Linux 2023 | ecs-init | 2024-01-03 23:20 | ALAS2023-2024-476 |
| Amazon Linux 2 - Core | nerdctl | 2023-11-09 19:19 | ALAS2-2023-2339 |
| Amazon Linux 2023 | nerdctl | 2023-09-27 21:06 | ALAS2023-2023-366 |
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| NVD | CVSSv3 | 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
