mirrors/poky - poky - zepto initiative

mirrors/poky

Fork 0

mirror of https://git.yoctoproject.org/poky synced 2026-05-02 00:32:12 +02:00

Commit Graph

Author	SHA1	Message	Date
Vivek Kumbhar	15f7694793	go: fix CVE-2023-24539 html/template improper sanitization of CSS values Angle brackets should not appear in CSS contexts, as they may affect token boundaries (such as closing a <style> tag, resulting in injection). Instead emit filterFailsafe, matching the behavior for other dangerous characters. Thanks to Juho Nurminen of Mattermost for reporting this issue. For #59720 Fixes #59811 Fixes CVE-2023-24539 (From OE-Core rev: 0a09194f3d4ad98d0cf0d070ec0c99e7a6c8a158) Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2023-06-14 04:16:59 -10:00

Author

SHA1

Message

Date

Vivek Kumbhar

15f7694793

go: fix CVE-2023-24539 html/template improper sanitization of CSS values

Angle brackets should not appear in CSS contexts, as they may affect
token boundaries (such as closing a <style> tag, resulting in
injection). Instead emit filterFailsafe, matching the behavior for other
dangerous characters.

Thanks to Juho Nurminen of Mattermost for reporting this issue.

For #59720
Fixes #59811
Fixes CVE-2023-24539

(From OE-Core rev: 0a09194f3d4ad98d0cf0d070ec0c99e7a6c8a158)

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

2023-06-14 04:16:59 -10:00

1 Commits