go: Fix CVE-2023-39319 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Soumya Sambu <soumya.sambu@windriver.com>	2023-09-14 16:33:48 +0000
committer	Steve Sakoman <steve@sakoman.com>	2023-09-23 05:26:15 -1000
commit	de7443a25dbed19adf14ddbf7dbed430dd567903 (patch)
tree	079215c3b609927b1de6078b1f70452806ece64c /scripts/lib/devtool/package.py
parent	5c556073ac6e54314aa3fc210db040f3ab55105a (diff)
download	poky-de7443a25dbed19adf14ddbf7dbed430dd567903.tar.gz

go: Fix CVE-2023-39319

The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack. References: https://nvd.nist.gov/vuln/detail/CVE-2023-39319 (From OE-Core rev: afdc322ecff4cfd8478c89a03f7fce748a132b48) Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/devtool/package.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: