vulnerability
Ubuntu: (Multiple Advisories) (CVE-2024-24785): Go vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:L/Au:S/C:P/I:P/A:N) | Mar 5, 2024 | Jul 10, 2024 | Apr 16, 2026 |
Severity
6
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:N)
Published
Mar 5, 2024
Added
Jul 10, 2024
Modified
Apr 16, 2026
Description
If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.
Solutions
ubuntu-pro-upgrade-golang-1-18ubuntu-pro-upgrade-golang-1-18-goubuntu-pro-upgrade-golang-1-18-srcubuntu-upgrade-golang-1-17ubuntu-upgrade-golang-1-17-goubuntu-upgrade-golang-1-17-srcubuntu-upgrade-golang-1-18ubuntu-upgrade-golang-1-18-goubuntu-upgrade-golang-1-18-srcubuntu-upgrade-golang-1-21ubuntu-upgrade-golang-1-21-goubuntu-upgrade-golang-1-21-srcubuntu-upgrade-golang-1-22ubuntu-upgrade-golang-1-22-goubuntu-upgrade-golang-1-22-src
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.