summaryrefslogtreecommitdiffstats
path: root/scripts/tiny
diff options
context:
space:
mode:
authorVivek Kumbhar <vkumbhar@mvista.com>2023-05-31 18:43:20 +0530
committerSteve Sakoman <steve@sakoman.com>2023-06-14 04:16:59 -1000
commit15f7694793aa90e882e623ff990903f1286b1260 (patch)
treef2d3bd816e8b7082c70b51f187fabe06d609b1d4 /scripts/tiny
parent3c6eb3977334c414fbf0f9529e79c5d12ddf90d1 (diff)
downloadpoky-15f7694793aa90e882e623ff990903f1286b1260.tar.gz
go: fix CVE-2023-24539 html/template improper sanitization of CSS values
Angle brackets should not appear in CSS contexts, as they may affect token boundaries (such as closing a <style> tag, resulting in injection). Instead emit filterFailsafe, matching the behavior for other dangerous characters. Thanks to Juho Nurminen of Mattermost for reporting this issue. For #59720 Fixes #59811 Fixes CVE-2023-24539 (From OE-Core rev: 0a09194f3d4ad98d0cf0d070ec0c99e7a6c8a158) Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'scripts/tiny')
0 files changed, 0 insertions, 0 deletions