Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 05/03/2024 Updated: 01/05/2024

If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.

DescriptionA flaw was found in Go's html/template standard library package If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templatesA flaw was found in Go's ht ...

oss-sec mailing list archives   By Date By Thread </form>    5 CVEs fixed in Go 1221 and Go 1218, 1 CVE fixed in googlegolangorg/protobuf  <!--X-Head-of-M ...

https://go.dev/issue/65697 https://go.dev/cl/564196 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2610 https://security.netapp.com/advisory/ntap-20240329-0008/http://www.openwall.com/lists/oss-security/2024/03/08/4 https://nvd.nist.gov https://seclists.org/oss-sec/2024/q1/197 https://access.redhat.com/security/cve/cve-2024-24785

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2024-24785

Vulnerability Summary

Vendor Advisories

Mailing Lists

References

Vulmon Search

About

Products

Connect