Go standard library - CVE CyberSecurity Database News (Page 3)

May 11, 2023 XSS Exploit Go standard library

CVE-2023-29400 - Templates Containing Actions in Unquoted HTML Attributes Allowing Injection of Arbitrary Attributes into Tags

In this article, we'll discuss a Common Vulnerabilities and Exposures (CVE) entry, CVE-2023-29400. We'll take a look at a code snippet,

May 11, 2023 Go standard library

CVE-2023-24540: JavaScript Whitespace Character Vulnerability in Template Sanitization

A recently discovered vulnerability, identified as CVE-2023-24540, suggests that not all valid JavaScript whitespace characters are being considered as whitespace during the sanitization process of

Apr 6, 2023 Exploit Google Go standard library

CVE-2023-24538: Critical Vulnerability in Template Literals Handling in Go Templates Exposes Arbitrary JavaScript Code Injection

A critical vulnerability has been recently discovered in Go Templates (included in Go standard library package) that could allow attackers to inject and execute arbitrary

Apr 6, 2023 Go standard library

CVE-2023-24536: Multipart Form Parsing Vulnerability Leading to High CPU and Memory Consumption

A security vulnerability has been discovered in mime/multipart package that can lead to high CPU and memory resource consumption, potentially causing a denial of

Apr 6, 2023 Exploit Go standard library

CVE-2023-24537: Go Language Source Code Parsing Infinitely Loops Caused by Large Line Numbers

It has recently come to light that there is a vulnerability within the Go programming language's parsing functions. This vulnerability, CVE-2023-24537, can cause