First published: Wed Aug 02 2023(Updated: )
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.
Credit: security@golang.org security@golang.org security@golang.org
Affected Software | Affected Version | How to fix |
---|---|---|
go/golang.org/x/net | <0.13.0 | 0.13.0 |
redhat/golang.org/x/net/html | <0.13.0 | 0.13.0 |
Golang Networking Go | <0.13.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-3978 is a vulnerability that allows text nodes not in the HTML namespace to be incorrectly literally rendered, potentially leading to an XSS attack.
The severity of CVE-2023-3978 is medium with a CVSS score of 6.1.
The Golang Networking software up to version 0.13.0 is affected by CVE-2023-3978.
CVE-2023-3978 can be exploited by injecting malicious code into text nodes not in the HTML namespace.
To fix CVE-2023-3978, update your Golang Networking software to a version higher than 0.13.0.