Showing 1 - 3 of 3

CVE-2024-24785

Status Candidate

Overview

If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.

Related Files

Ubuntu Security Notice USN-7061-1: Posted Oct 10, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 7061-1 - Hunter Wittenborn discovered that Go incorrectly handled the sanitization of environment variables. An attacker could possibly use this issue to run arbitrary commands. Sohom Datta discovered that Go did not properly validate backticks as Javascript string delimiters, and did not escape them as expected. An attacker could possibly use this issue to inject arbitrary Javascript code into the Go template.; tags | advisory, arbitrary, javascript; systems | linux, ubuntu; advisories | CVE-2023-24531, CVE-2023-24538, CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405, CVE-2023-29406, CVE-2023-39319, CVE-2023-39325, CVE-2024-24785; SHA-256 | 366aa6bc269ca28c4b992ad13527bd77d7968a9ad5dcd84915ed51954acbe4c1; Download | Favorite | View

Gentoo Linux Security Advisory 202408-07: Posted Aug 7, 2024; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202408-7 - Multiple vulnerabilities have been discovered in Go, the worst of which could lead to information leakage or a denial of service. Versions greater than or equal to 1.22.3 are affected.; tags | advisory, denial of service, vulnerability; systems | linux, gentoo; advisories | CVE-2023-24539, CVE-2023-24540, CVE-2023-29400, CVE-2023-39326, CVE-2023-45283, CVE-2023-45285, CVE-2023-45288, CVE-2023-45289, CVE-2023-45290, CVE-2024-24783, CVE-2024-24784, CVE-2024-24785, CVE-2024-24788; SHA-256 | 2ccc903a817532e66048ef0c9f0125745b5ac34d11a79d6ecf529ae860f2676d; Download | Favorite | View

Ubuntu Security Notice USN-6886-1: Posted Jul 9, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6886-1 - It was discovered that the Go net/http module did not properly handle the requests when request\'s headers exceed MaxHeaderBytes. An attacker could possibly use this issue to cause a panic resulting into a denial of service. This issue only affected Go 1.21 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that the Go net/http module did not properly validate the subdomain match or exact match of the initial domain. An attacker could possibly use this issue to read sensitive information. This issue only affected Go 1.21 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.; tags | advisory, web, denial of service; systems | linux, ubuntu; advisories | CVE-2023-45288, CVE-2023-45289, CVE-2023-45290, CVE-2024-24783, CVE-2024-24784, CVE-2024-24785, CVE-2024-24788, CVE-2024-24789, CVE-2024-24790; SHA-256 | 66197d055fed6c97073d4c955f114f48acbb90bca8321f4984ae151d375a3e75; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 293 files
Ubuntu 64 files
Debian 22 files
Gentoo 8 files
Google Security Research 7 files
LiquidWorm 6 files
Apple 5 files
Jann Horn 3 files
Spencer McIntyre 3 files
Milad Karimi 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,175)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,140)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,480)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,022)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

CVE-2024-24785

Overview

Related Files

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems