CVE-2023-29400: Improper handling of empty HTML attributes in html/template
First published: Sun May 07 2023(Updated: )
Golang Go is vulnerable to HTML injection. A remote attacker could inject malicious HTML code into the templates, which when parsed, would execute in the victim's Web browser within the security context of the hosting site.
Credit: security@golang.org security@golang.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Golang Go | <1.19.9 | |
| Golang Go | >=1.20.0<1.20.4 | |
| redhat/golang | <1.19.9 | 1.19.9 |
| redhat/golang | <1.20.4 | 1.20.4 |
| debian/golang-1.15 | <=1.15.15-1~deb11u4 | |
| debian/golang-1.19 | <=1.19.8-2 | |
| IBM Concert Software | <=1.0.0 - 1.0.1 |
Remedy
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://go.dev/cl/491617
- https://go.dev/issue/59722
- https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
- https://pkg.go.dev/vuln/GO-2023-1753
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2196474
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2196475
- https://github.com/golang/go/commit/0d347544cbca0f42b160424f6bc2458ebcc7b3fc
- https://github.com/golang/go/commit/9db0e74f606b8afb28cc71d4b1c8b4ed24cabbf5
- https://github.com/golang/go/commit/337dd75343145b74ed2073d793322eb4103b56ad
- https://access.redhat.com/errata/RHSA-2023:3323
- https://access.redhat.com/errata/RHSA-2023:3415
- https://access.redhat.com/errata/RHSA-2023:3435
- https://access.redhat.com/errata/RHSA-2023:3445
- https://access.redhat.com/errata/RHSA-2023:3367
- https://access.redhat.com/errata/RHSA-2023:3540
- https://access.redhat.com/errata/RHSA-2023:3905
- https://access.redhat.com/errata/RHSA-2023:3918
- https://access.redhat.com/errata/RHSA-2023:4003
- https://access.redhat.com/errata/RHSA-2023:4093
- https://access.redhat.com/errata/RHSA-2023:4293
- https://access.redhat.com/errata/RHSA-2023:4470
- https://access.redhat.com/errata/RHSA-2023:4472
- https://access.redhat.com/errata/RHSA-2023:4335
- https://access.redhat.com/errata/RHSA-2023:4459
- https://access.redhat.com/errata/RHSA-2023:4627
- https://access.redhat.com/errata/RHSA-2023:4664
- https://access.redhat.com/errata/RHSA-2023:4657
- https://access.redhat.com/errata/RHSA-2023:5421
- https://access.redhat.com/errata/RHSA-2023:5442
- https://access.redhat.com/errata/RHSA-2023:5947
- https://access.redhat.com/errata/RHSA-2023:6346
- https://access.redhat.com/errata/RHSA-2023:6363
- https://access.redhat.com/errata/RHSA-2023:6402
- https://access.redhat.com/errata/RHSA-2023:6473
- https://access.redhat.com/errata/RHSA-2023:6474
- https://access.redhat.com/errata/RHSA-2023:6832
- https://access.redhat.com/errata/RHSA-2023:6938
- https://access.redhat.com/errata/RHSA-2023:6939
- https://access.redhat.com/errata/RHSA-2024:2944
- https://bugzilla.redhat.com/show_bug.cgi?id=2196029
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400
- https://nvd.nist.gov/vuln/detail/CVE-2023-29400
- https://launchpad.net/bugs/cve/CVE-2023-29400
- https://security-tracker.debian.org/tracker/CVE-2023-29400
- https://ubuntu.com/security/CVE-2023-29400
- https://github.com/golang/go/issues/59722
- https://www.ibm.com/support/pages/node/7173596 (Advisory)
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2023-29400.
What is the severity level of CVE-2023-29400?
The severity level of CVE-2023-29400 is high with a score of 7.3.
What is the description of CVE-2023-29400?
CVE-2023-29400 is a vulnerability where templates containing actions in unquoted HTML attributes executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules, allowing injection of arbitrary attributes into tags.
Which software versions are affected by CVE-2023-29400?
The affected software versions are golang 1.19.9 and golang 1.20.4 (up to exclusive).
Are there any references available for CVE-2023-29400?
Yes, you can find references for CVE-2023-29400 at the following links: [link1](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2196474), [link2](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2196475), [link3](https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU).
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/severity
- agent/author
- agent/weakness
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-29400
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/title
- collector/usn-cve
- source/Ubuntu
- collector/security-tracker-debian
- source/Debian
- collector/launchpad-cve
- source/Launchpad
- agent/event
- collector/ibm-support
- source/IBM
- agent/last-modified-date
- agent/references
- agent/softwarecombine
- agent/tags
- agent/description
- collector/nvd-cve
- source/NVD
- vendor/golang
- canonical/golang go
- version/golang go/1.20.0
- package-manager/redhat
- package-manager/debian
- vendor/ibm
- canonical/ibm concert software
- version/ibm concert software/1.0.0 - 1.0.1