diff options
| author | Vivek Kumbhar <vkumbhar@mvista.com> | 2023-05-31 18:43:20 +0530 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2023-06-14 04:16:59 -1000 |
| commit | 15f7694793aa90e882e623ff990903f1286b1260 (patch) | |
| tree | f2d3bd816e8b7082c70b51f187fabe06d609b1d4 /scripts/cp-noerror | |
| parent | 3c6eb3977334c414fbf0f9529e79c5d12ddf90d1 (diff) | |
| download | poky-15f7694793aa90e882e623ff990903f1286b1260.tar.gz | |
go: fix CVE-2023-24539 html/template improper sanitization of CSS values
Angle brackets should not appear in CSS contexts, as they may affect
token boundaries (such as closing a <style> tag, resulting in
injection). Instead emit filterFailsafe, matching the behavior for other
dangerous characters.
Thanks to Juho Nurminen of Mattermost for reporting this issue.
For #59720
Fixes #59811
Fixes CVE-2023-24539
(From OE-Core rev: 0a09194f3d4ad98d0cf0d070ec0c99e7a6c8a158)
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'scripts/cp-noerror')
0 files changed, 0 insertions, 0 deletions
