Critical severity9.8NVD Advisory· Published May 11, 2023· Updated Jun 17, 2026
CVE-2023-24540
CVE-2023-24540
Description
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
77- osv-coords75 versionspkg:apk/chainguard/falcopkg:apk/chainguard/falco-devpkg:apk/chainguard/falco-srcpkg:apk/chainguard/go-1.19pkg:apk/chainguard/go-1.19-docpkg:apk/chainguard/go-1.20pkg:apk/chainguard/go-1.20-docpkg:apk/chainguard/go-fips-1.20pkg:apk/chainguard/go-fips-1.20-docpkg:apk/wolfi/falcopkg:apk/wolfi/falco-devpkg:apk/wolfi/falco-srcpkg:apk/wolfi/go-1.19pkg:apk/wolfi/go-1.19-docpkg:apk/wolfi/go-1.20pkg:apk/wolfi/go-1.20-docpkg:apk/wolfi/go-fips-1.20pkg:apk/wolfi/go-fips-1.20-docpkg:bitnami/golangpkg:rpm/almalinux/aardvark-dnspkg:rpm/almalinux/buildahpkg:rpm/almalinux/buildah-testspkg:rpm/almalinux/cockpit-podmanpkg:rpm/almalinux/conmonpkg:rpm/almalinux/containernetworking-pluginspkg:rpm/almalinux/containers-commonpkg:rpm/almalinux/container-selinuxpkg:rpm/almalinux/critpkg:rpm/almalinux/criupkg:rpm/almalinux/criu-develpkg:rpm/almalinux/criu-libspkg:rpm/almalinux/crunpkg:rpm/almalinux/delvepkg:rpm/almalinux/fuse-overlayfspkg:rpm/almalinux/golangpkg:rpm/almalinux/golang-binpkg:rpm/almalinux/golang-docspkg:rpm/almalinux/golang-miscpkg:rpm/almalinux/golang-racepkg:rpm/almalinux/golang-srcpkg:rpm/almalinux/golang-testspkg:rpm/almalinux/go-toolsetpkg:rpm/almalinux/libslirppkg:rpm/almalinux/libslirp-develpkg:rpm/almalinux/netavarkpkg:rpm/almalinux/oci-seccomp-bpf-hookpkg:rpm/almalinux/podmanpkg:rpm/almalinux/podman-catatonitpkg:rpm/almalinux/podman-dockerpkg:rpm/almalinux/podman-gvproxypkg:rpm/almalinux/podman-pluginspkg:rpm/almalinux/podman-remotepkg:rpm/almalinux/podman-testspkg:rpm/almalinux/python3-criupkg:rpm/almalinux/python3-podmanpkg:rpm/almalinux/runcpkg:rpm/almalinux/skopeopkg:rpm/almalinux/skopeo-testspkg:rpm/almalinux/slirp4netnspkg:rpm/almalinux/toolboxpkg:rpm/almalinux/toolbox-testspkg:rpm/almalinux/udicapkg:rpm/opensuse/go1.19&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/go1.19&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/go1.20&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/go1.20&distro=openSUSE%20Tumbleweedpkg:rpm/suse/go1.19&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/go1.19&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/go1.19&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/go1.19&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4pkg:rpm/suse/go1.19&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3pkg:rpm/suse/go1.19&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/go1.19&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/go1.20&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4pkg:rpm/suse/go1.20&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3
< 0.37.1-r0+ 74 more
- (no CPE)range: < 0.37.1-r0
- (no CPE)range: < 0.37.1-r0
- (no CPE)range: < 0.37.1-r0
- (no CPE)range: < 1.19.9-r0
- (no CPE)range: < 1.19.9-r0
- (no CPE)range: < 1.20.4-r0
- (no CPE)range: < 1.20.4-r0
- (no CPE)range: < 1.20.4-r0
- (no CPE)range: < 1.20.4-r0
- (no CPE)range: < 0.37.1-r0
- (no CPE)range: < 0.37.1-r0
- (no CPE)range: < 0.37.1-r0
- (no CPE)range: < 1.19.9-r0
- (no CPE)range: < 1.19.9-r0
- (no CPE)range: < 1.20.4-r0
- (no CPE)range: < 1.20.4-r0
- (no CPE)range: < 1.20.4-r0
- (no CPE)range: < 1.20.4-r0
- (no CPE)range: < 1.19.9
- (no CPE)range: < 2:1.0.1-38.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 1:1.31.3-1.el9
- (no CPE)range: < 1:1.31.3-1.el9
- (no CPE)range: < 46-1.module_el8.7.0+3344+5bcd850f
- (no CPE)range: < 2:2.1.4-2.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 1:1.3.0-4.el9
- (no CPE)range: < 2:1-38.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 2:2.205.0-3.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 3.15-3.module_el8.6.0+3137+d33c3efb
- (no CPE)range: < 3.15-3.module_el8.6.0+2877+8e437bf5
- (no CPE)range: < 3.15-3.module_el8.6.0+2877+8e437bf5
- (no CPE)range: < 3.15-3.module_el8.6.0+2877+8e437bf5
- (no CPE)range: < 1.8.3-1.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 1.9.1-1.module_el8.8.0+3471+a62632a0
- (no CPE)range: < 1.9-2.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 1.19.9-2.el9_2
- (no CPE)range: < 1.19.9-2.el9_2
- (no CPE)range: < 1.19.9-2.el9_2
- (no CPE)range: < 1.19.9-2.el9_2
- (no CPE)range: < 1.19.9-2.el9_2
- (no CPE)range: < 1.19.9-2.el9_2
- (no CPE)range: < 1.19.9-2.el9_2
- (no CPE)range: < 1.19.9-1.el9_2
- (no CPE)range: < 4.4.0-1.module_el8.6.0+2877+8e437bf5
- (no CPE)range: < 4.4.0-1.module_el8.6.0+3137+d33c3efb
- (no CPE)range: < 2:1.0.1-38.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 1.2.5-2.module_el8.8.0+3468+16b86c82
- (no CPE)range: < 2:4.6.1-5.el9
- (no CPE)range: < 2:4.0.2-24.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 2:4.6.1-5.el9
- (no CPE)range: < 2:4.6.1-5.el9
- (no CPE)range: < 2:4.6.1-5.el9
- (no CPE)range: < 2:4.6.1-5.el9
- (no CPE)range: < 2:4.6.1-5.el9
- (no CPE)range: < 3.15-3.module_el8.6.0+3137+d33c3efb
- (no CPE)range: < 4.0.0-2.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 1:1.1.5-2.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 2:1.13.3-1.el9
- (no CPE)range: < 2:1.13.3-1.el9
- (no CPE)range: < 1.1.8-3.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 0.0.99.4-6.el9_3
- (no CPE)range: < 0.0.99.4-6.el9_3
- (no CPE)range: < 0.2.6-4.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 1.19.9-150000.1.31.1
- (no CPE)range: < 1.19.9-1.1
- (no CPE)range: < 1.20.4-150000.1.11.1
- (no CPE)range: < 1.20.4-1.1
- (no CPE)range: < 1.19.9-150000.1.31.1
- (no CPE)range: < 1.19.9-150000.1.31.1
- (no CPE)range: < 1.19.9-150000.1.31.1
- (no CPE)range: < 1.19.9-150000.1.31.1
- (no CPE)range: < 1.19.9-150000.1.31.1
- (no CPE)range: < 1.19.9-150000.1.31.1
- (no CPE)range: < 1.19.9-150000.1.31.1
- (no CPE)range: < 1.20.4-150000.1.11.1
- (no CPE)range: < 1.20.4-150000.1.11.1
- Go standard library/html/templatev5Range: 0
Patches
Vulnerability mechanics
References
5- go.dev/cl/491616nvdPatch
- go.dev/issue/59721nvdIssue TrackingPatch
- pkg.go.dev/vuln/GO-2023-1752nvdVendor Advisory
- groups.google.com/g/golang-announce/c/MEb0UyuSMsUnvdMailing ListRelease Notes
- security.netapp.com/advisory/ntap-20241115-0008/nvd
News mentions
0No linked articles in our index yet.