vulnerability

Oracle Linux: CVE-2023-39318: ELSA-2024-2988: container-tools:ol8 security update (MODERATE) (Multiple Advisories)

Try Surface Command
Back to search
Severity
6
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published
2023-09-06
Added
2023-12-14
Modified
2025-01-07

Description

The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack.
A flaw was found in Golang. The html/template package did not properly handle HMTL-like "<!--" and "-->" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This issue may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped.

Solution(s)

oracle-linux-upgrade-aardvark-dnsoracle-linux-upgrade-buildahoracle-linux-upgrade-buildah-testsoracle-linux-upgrade-cockpit-podmanoracle-linux-upgrade-conmonoracle-linux-upgrade-containernetworking-pluginsoracle-linux-upgrade-containers-commonoracle-linux-upgrade-container-selinuxoracle-linux-upgrade-critoracle-linux-upgrade-criuoracle-linux-upgrade-criu-develoracle-linux-upgrade-criu-libsoracle-linux-upgrade-crunoracle-linux-upgrade-fuse-overlayfsoracle-linux-upgrade-libslirporacle-linux-upgrade-libslirp-develoracle-linux-upgrade-netavarkoracle-linux-upgrade-oci-seccomp-bpf-hookoracle-linux-upgrade-podmanoracle-linux-upgrade-podman-catatonitoracle-linux-upgrade-podman-dockeroracle-linux-upgrade-podman-gvproxyoracle-linux-upgrade-podman-pluginsoracle-linux-upgrade-podman-remoteoracle-linux-upgrade-podman-testsoracle-linux-upgrade-python3-criuoracle-linux-upgrade-python3-podmanoracle-linux-upgrade-runcoracle-linux-upgrade-skopeooracle-linux-upgrade-skopeo-testsoracle-linux-upgrade-slirp4netnsoracle-linux-upgrade-udica

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today