DEBIAN-CVE-2023-24540

DEBIAN-CVE-2023-24540 PUBLISHED CVSS 9.800000190734863 CRITICAL

Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.

Risk Scores

CVSS v3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:11	golang-1.15	0, 1.15.15-1, 1.15.15-1
Debian:12	golang-1.19	1.19.12-2~bpo12+1, 1.19.13-1~bpo11+1, 1.19.8-2

Timeline

May 11, 2023 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2023-24540 advisory

Open in Interactive Console →