Unrated severityNVD Advisory· Published May 11, 2023· Updated Jan 24, 2025
Improper handling of JavaScript whitespace in html/template
CVE-2023-24540
Description
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.
Affected products
76- osv-coords75 versionspkg:apk/chainguard/falcopkg:apk/chainguard/falco-devpkg:apk/chainguard/falco-srcpkg:apk/chainguard/go-1.19pkg:apk/chainguard/go-1.19-docpkg:apk/chainguard/go-1.20pkg:apk/chainguard/go-1.20-docpkg:apk/chainguard/go-fips-1.20pkg:apk/chainguard/go-fips-1.20-docpkg:apk/wolfi/falcopkg:apk/wolfi/falco-devpkg:apk/wolfi/falco-srcpkg:apk/wolfi/go-1.19pkg:apk/wolfi/go-1.19-docpkg:apk/wolfi/go-1.20pkg:apk/wolfi/go-1.20-docpkg:apk/wolfi/go-fips-1.20pkg:apk/wolfi/go-fips-1.20-docpkg:bitnami/golangpkg:rpm/almalinux/aardvark-dnspkg:rpm/almalinux/buildahpkg:rpm/almalinux/buildah-testspkg:rpm/almalinux/cockpit-podmanpkg:rpm/almalinux/conmonpkg:rpm/almalinux/containernetworking-pluginspkg:rpm/almalinux/containers-commonpkg:rpm/almalinux/container-selinuxpkg:rpm/almalinux/critpkg:rpm/almalinux/criupkg:rpm/almalinux/criu-develpkg:rpm/almalinux/criu-libspkg:rpm/almalinux/crunpkg:rpm/almalinux/delvepkg:rpm/almalinux/fuse-overlayfspkg:rpm/almalinux/golangpkg:rpm/almalinux/golang-binpkg:rpm/almalinux/golang-docspkg:rpm/almalinux/golang-miscpkg:rpm/almalinux/golang-racepkg:rpm/almalinux/golang-srcpkg:rpm/almalinux/golang-testspkg:rpm/almalinux/go-toolsetpkg:rpm/almalinux/libslirppkg:rpm/almalinux/libslirp-develpkg:rpm/almalinux/netavarkpkg:rpm/almalinux/oci-seccomp-bpf-hookpkg:rpm/almalinux/podmanpkg:rpm/almalinux/podman-catatonitpkg:rpm/almalinux/podman-dockerpkg:rpm/almalinux/podman-gvproxypkg:rpm/almalinux/podman-pluginspkg:rpm/almalinux/podman-remotepkg:rpm/almalinux/podman-testspkg:rpm/almalinux/python3-criupkg:rpm/almalinux/python3-podmanpkg:rpm/almalinux/runcpkg:rpm/almalinux/skopeopkg:rpm/almalinux/skopeo-testspkg:rpm/almalinux/slirp4netnspkg:rpm/almalinux/toolboxpkg:rpm/almalinux/toolbox-testspkg:rpm/almalinux/udicapkg:rpm/opensuse/go1.19&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/go1.19&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/go1.20&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/go1.20&distro=openSUSE%20Tumbleweedpkg:rpm/suse/go1.19&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/go1.19&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/go1.19&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/go1.19&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4pkg:rpm/suse/go1.19&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3pkg:rpm/suse/go1.19&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/go1.19&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/go1.20&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4pkg:rpm/suse/go1.20&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3
< 0.37.1-r0+ 74 more
- (no CPE)range: < 0.37.1-r0
- (no CPE)range: < 0.37.1-r0
- (no CPE)range: < 0.37.1-r0
- (no CPE)range: < 1.19.9-r0
- (no CPE)range: < 1.19.9-r0
- (no CPE)range: < 1.20.4-r0
- (no CPE)range: < 1.20.4-r0
- (no CPE)range: < 1.20.4-r0
- (no CPE)range: < 1.20.4-r0
- (no CPE)range: < 0.37.1-r0
- (no CPE)range: < 0.37.1-r0
- (no CPE)range: < 0.37.1-r0
- (no CPE)range: < 1.19.9-r0
- (no CPE)range: < 1.19.9-r0
- (no CPE)range: < 1.20.4-r0
- (no CPE)range: < 1.20.4-r0
- (no CPE)range: < 1.20.4-r0
- (no CPE)range: < 1.20.4-r0
- (no CPE)range: < 1.19.9
- (no CPE)range: < 2:1.0.1-38.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 1:1.31.3-1.el9
- (no CPE)range: < 1:1.31.3-1.el9
- (no CPE)range: < 46-1.module_el8.7.0+3344+5bcd850f
- (no CPE)range: < 2:2.1.4-2.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 1:1.3.0-4.el9
- (no CPE)range: < 2:1-38.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 2:2.205.0-3.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 3.15-3.module_el8.6.0+3137+d33c3efb
- (no CPE)range: < 3.15-3.module_el8.6.0+2877+8e437bf5
- (no CPE)range: < 3.15-3.module_el8.6.0+2877+8e437bf5
- (no CPE)range: < 3.15-3.module_el8.6.0+2877+8e437bf5
- (no CPE)range: < 1.8.3-1.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 1.9.1-1.module_el8.8.0+3471+a62632a0
- (no CPE)range: < 1.9-2.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 1.19.9-2.el9_2
- (no CPE)range: < 1.19.9-2.el9_2
- (no CPE)range: < 1.19.9-2.el9_2
- (no CPE)range: < 1.19.9-2.el9_2
- (no CPE)range: < 1.19.9-2.el9_2
- (no CPE)range: < 1.19.9-2.el9_2
- (no CPE)range: < 1.19.9-2.el9_2
- (no CPE)range: < 1.19.9-1.el9_2
- (no CPE)range: < 4.4.0-1.module_el8.6.0+2877+8e437bf5
- (no CPE)range: < 4.4.0-1.module_el8.6.0+3137+d33c3efb
- (no CPE)range: < 2:1.0.1-38.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 1.2.5-2.module_el8.8.0+3468+16b86c82
- (no CPE)range: < 2:4.6.1-5.el9
- (no CPE)range: < 2:4.0.2-24.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 2:4.6.1-5.el9
- (no CPE)range: < 2:4.6.1-5.el9
- (no CPE)range: < 2:4.6.1-5.el9
- (no CPE)range: < 2:4.6.1-5.el9
- (no CPE)range: < 2:4.6.1-5.el9
- (no CPE)range: < 3.15-3.module_el8.6.0+3137+d33c3efb
- (no CPE)range: < 4.0.0-2.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 1:1.1.5-2.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 2:1.13.3-1.el9
- (no CPE)range: < 2:1.13.3-1.el9
- (no CPE)range: < 1.1.8-3.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 0.0.99.4-6.el9_3
- (no CPE)range: < 0.0.99.4-6.el9_3
- (no CPE)range: < 0.2.6-4.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 1.19.9-150000.1.31.1
- (no CPE)range: < 1.19.9-1.1
- (no CPE)range: < 1.20.4-150000.1.11.1
- (no CPE)range: < 1.20.4-1.1
- (no CPE)range: < 1.19.9-150000.1.31.1
- (no CPE)range: < 1.19.9-150000.1.31.1
- (no CPE)range: < 1.19.9-150000.1.31.1
- (no CPE)range: < 1.19.9-150000.1.31.1
- (no CPE)range: < 1.19.9-150000.1.31.1
- (no CPE)range: < 1.19.9-150000.1.31.1
- (no CPE)range: < 1.19.9-150000.1.31.1
- (no CPE)range: < 1.20.4-150000.1.11.1
- (no CPE)range: < 1.20.4-150000.1.11.1
- Go standard library/html/templatev5Range: 0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4News mentions
0No linked articles in our index yet.