DEBIAN-CVE-2023-29400

DEBIAN-CVE-2023-29400 PUBLISHED CVSS 7.300000190734863 HIGH

Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.

Risk Scores

CVSS 3.1

7.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products

Vendor	Product	Versions
Debian:11	golang-1.15	1.15.15-1~deb11u2, 1.15.15-1~deb11u3, 1.15.15-2
Debian:12	golang-1.19	1.19.10-2, 1.19.13-1, 1.19.9-1

Exploit Intelligence

.trivyignore.yml (github-poc)

Timeline

May 11, 2023 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2023-29400 advisory

Open in Interactive Console →