Vulnerability Description
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.
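A source-level check for the condition described above, as an added example that is not code from the Go project: it flags characters that ECMAScript treats as whitespace but that fall outside the quoted set, in any template source that contains an action. The names `Finding` and `ScanTemplate` are hypothetical, and the scan conservatively covers the whole source rather than working out which parts are JavaScript contexts.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
)

// Finding (hypothetical name) records one flagged rune; Line and Col are 1-based.
type Finding struct {
	Line, Col int
	Rune      rune
}

// handledSet is the whitespace character set quoted in the advisory text.
const handledSet = "\t\n\f\r\u0020\u2028\u2029"

// ECMAScript whitespace also includes VT, NBSP, U+FEFF and every rune in Unicode category Zs.
func isUnhandledJSSpace(r rune) bool {
	return !strings.ContainsRune(handledSet, r) &&
		(strings.ContainsRune("\v\u00a0\ufeff", r) || unicode.Is(unicode.Zs, r))
}

// ScanTemplate (hypothetical name) reports flagged runes in src.
// Sources without any "{{" action are skipped, matching the advisory's condition.
func ScanTemplate(src string) []Finding {
	if !strings.Contains(src, "{{") {
		return nil
	}
	var out []Finding
	line, col := 1, 0
	for _, r := range src {
		col++
		if isUnhandledJSSpace(r) {
			out = append(out, Finding{line, col, r})
		}
		if r == '\n' {
			line, col = line+1, 0
		}
	}
	return out
}

func main() {
	src := "<script>\nvar a =\u00a0{{.A}};\n</script>\n" // constructed sample
	for _, f := range ScanTemplate(src) {
		fmt.Printf("line %d col %d: U+%04X\n", f.Line, f.Col, f.Rune)
	}
}
```

A hit is a reason to review the template and normalise the character; it does not replace moving to a Go release outside the affected range listed below.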
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Golang | Go | < 1.19.9 |
Related Weaknesses (CWE)
References
- https://go.dev/cl/491616 (Patch)
- https://go.dev/issue/59721 (Issue Tracking, Patch)
- https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU (Mailing List, Release Notes)
- https://pkg.go.dev/vuln/GO-2023-1752 (Vendor Advisory)
- https://security.netapp.com/advisory/ntap-20241115-0008/
FAQ
What is CVE-2023-24540?
CVE-2023-24540 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript conte...
How severe is CVE-2023-24540?
CVE-2023-24540 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-24540?
Check the references section above for vendor advisories and patch information. Affected products include: Golang Go.