VDB
RHSA-2023%3A3379
RHSA-2023%3A3379
PUBLISHED
CVSS 8.100000381469727 HIGH
A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.
Risk Scores
CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | advanced-cluster-security/rhacs-roxctl-rhel8@sha256:98d9268f02f64b676b3d92b80c89ae2bdbe3cafe7b32f97b4a70fb0b4d64bea2_amd64 as a component of RHACS 3.73 for RHEL 8 | advanced-cluster-security/rhacs-roxctl-rhel8@sha256:98d9268f02f64b676b3d92b80c89ae2bdbe3cafe7b32f97b4a70fb0b4d64bea2_amd64 |
| Red Hat | advanced-cluster-security/rhacs-scanner-rhel8@sha256:3579e99d2c9afa5b357fb6f1359629a8be4638ff12eaad0c329c4f158bba765f_amd64 as a component of RHACS 3.73 for RHEL 8 | advanced-cluster-security/rhacs-scanner-rhel8@sha256:3579e99d2c9afa5b357fb6f1359629a8be4638ff12eaad0c329c4f158bba765f_amd64 |
| Red Hat | advanced-cluster-security/rhacs-operator-bundle@sha256:459a8d91beff91638872d377a8b82c279ad2905ce3f4ad4bfc00f6822418ac57_amd64 as a component of RHACS 3.73 for RHEL 8 | * |
| Red Hat | advanced-cluster-security/rhacs-scanner-rhel8@sha256:3579e99d2c9afa5b357fb6f1359629a8be4638ff12eaad0c329c4f158bba765f_amd64 as a component of RHACS 3.73 for RHEL 8 | advanced-cluster-security/rhacs-scanner-rhel8@sha256:3579e99d2c9afa5b357fb6f1359629a8be4638ff12eaad0c329c4f158bba765f_amd64 |
| Red Hat | advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3a565b2d7a6338e41f012642604c1d307ca3e987dfe3788ccfa5c1bedf1cdb87_amd64 as a component of RHACS 3.73 for RHEL 8 | advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3a565b2d7a6338e41f012642604c1d307ca3e987dfe3788ccfa5c1bedf1cdb87_amd64 |
| Red Hat | advanced-cluster-security/rhacs-main-rhel8@sha256:35ba7b18c1c28ecfa2d09893d805b8ede9cdd3bf38a67de8e4dd7d6b2e3e9383_amd64 as a component of RHACS 3.73 for RHEL 8 | * |
| Red Hat | advanced-cluster-security/rhacs-rhel8-operator@sha256:b76d0c880313d14551a30ade5b16dea647f22c85bda14d812b92ee9e91464a93_amd64 as a component of RHACS 3.73 for RHEL 8 | advanced-cluster-security/rhacs-rhel8-operator@sha256:b76d0c880313d14551a30ade5b16dea647f22c85bda14d812b92ee9e91464a93_amd64 |
| Red Hat | advanced-cluster-security/rhacs-docs-rhel8@sha256:633d4d46676d03efe1cef6f410a2965ea668677a3b56760bcd37e0146329648e_amd64 as a component of RHACS 3.73 for RHEL 8 | advanced-cluster-security/rhacs-docs-rhel8@sha256:633d4d46676d03efe1cef6f410a2965ea668677a3b56760bcd37e0146329648e_amd64 |
| Red Hat | advanced-cluster-security/rhacs-central-db-rhel8@sha256:a7675ee36f8e523b3d1edcf194104f11a4d48d46f47ca9861dc205124c6074b8_amd64 as a component of RHACS 3.73 for RHEL 8 | advanced-cluster-security/rhacs-central-db-rhel8@sha256:a7675ee36f8e523b3d1edcf194104f11a4d48d46f47ca9861dc205124c6074b8_amd64 |
| Red Hat | advanced-cluster-security/rhacs-main-rhel8@sha256:35ba7b18c1c28ecfa2d09893d805b8ede9cdd3bf38a67de8e4dd7d6b2e3e9383_amd64 as a component of RHACS 3.73 for RHEL 8 | * |
| Red Hat | advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:bbfd99b311b433bc680f801bab7fa9302cc4afbd6ab1ce178b8d24c1ada8b345_amd64 as a component of RHACS 3.73 for RHEL 8 | advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:bbfd99b311b433bc680f801bab7fa9302cc4afbd6ab1ce178b8d24c1ada8b345_amd64 |
| Red Hat | advanced-cluster-security/rhacs-central-db-rhel8@sha256:a7675ee36f8e523b3d1edcf194104f11a4d48d46f47ca9861dc205124c6074b8_amd64 as a component of RHACS 3.73 for RHEL 8 | advanced-cluster-security/rhacs-central-db-rhel8@sha256:a7675ee36f8e523b3d1edcf194104f11a4d48d46f47ca9861dc205124c6074b8_amd64 |
| Red Hat | advanced-cluster-security/rhacs-rhel8-operator@sha256:b76d0c880313d14551a30ade5b16dea647f22c85bda14d812b92ee9e91464a93_amd64 as a component of RHACS 3.73 for RHEL 8 | advanced-cluster-security/rhacs-rhel8-operator@sha256:b76d0c880313d14551a30ade5b16dea647f22c85bda14d812b92ee9e91464a93_amd64 |
| Red Hat | advanced-cluster-security/rhacs-collector-rhel8@sha256:d47dec1aea6c8b9c6de911d462a9ac21038c8ac767fe6bad9601250fa444b25a_amd64 as a component of RHACS 3.73 for RHEL 8 | advanced-cluster-security/rhacs-collector-rhel8@sha256:d47dec1aea6c8b9c6de911d462a9ac21038c8ac767fe6bad9601250fa444b25a_amd64 |
| Red Hat | advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e63c6c2f890a874413859b8192cf3cd5f058b035789e77f630d4c76b250f27b0_amd64 as a component of RHACS 3.73 for RHEL 8 | advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e63c6c2f890a874413859b8192cf3cd5f058b035789e77f630d4c76b250f27b0_amd64 |
| Red Hat | advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3a565b2d7a6338e41f012642604c1d307ca3e987dfe3788ccfa5c1bedf1cdb87_amd64 as a component of RHACS 3.73 for RHEL 8 | advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3a565b2d7a6338e41f012642604c1d307ca3e987dfe3788ccfa5c1bedf1cdb87_amd64 |
| Red Hat | advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:10210433ac4c2b553f62b8c4bcb724d8cf03580a2e69a7345309bc2885e1ca80_amd64 as a component of RHACS 3.73 for RHEL 8 | advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:10210433ac4c2b553f62b8c4bcb724d8cf03580a2e69a7345309bc2885e1ca80_amd64 |
| Red Hat | advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e63c6c2f890a874413859b8192cf3cd5f058b035789e77f630d4c76b250f27b0_amd64 as a component of RHACS 3.73 for RHEL 8 | advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e63c6c2f890a874413859b8192cf3cd5f058b035789e77f630d4c76b250f27b0_amd64 |
| Red Hat | advanced-cluster-security/rhacs-roxctl-rhel8@sha256:98d9268f02f64b676b3d92b80c89ae2bdbe3cafe7b32f97b4a70fb0b4d64bea2_amd64 as a component of RHACS 3.73 for RHEL 8 | advanced-cluster-security/rhacs-roxctl-rhel8@sha256:98d9268f02f64b676b3d92b80c89ae2bdbe3cafe7b32f97b4a70fb0b4d64bea2_amd64 |
| Red Hat | advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:bbfd99b311b433bc680f801bab7fa9302cc4afbd6ab1ce178b8d24c1ada8b345_amd64 as a component of RHACS 3.73 for RHEL 8 | advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:bbfd99b311b433bc680f801bab7fa9302cc4afbd6ab1ce178b8d24c1ada8b345_amd64 |
…and 4 more
Exploit Intelligence
- .trivyignore.yml (github-poc)
- .grype.yaml (github-poc)
Timeline
- May 31, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 29, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2023:3379 advisory
- https://docs.openshift.com/acs/3.73/release_notes/373-release-notes.html advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2196027 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3379.json advisory
- https://access.redhat.com/security/cve/CVE-2023-24540 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-24540 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-24540 advisory
- https://go.dev/issue/59721 advisory
- https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU advisory