Updated: 2024-05-10 10:11:56.220705
Description:
If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | NONE | 0 |
| CVSS Version 3.x | MEDIUM | 6.5 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | golang | 1.19.13 | 6.5 | MEDIUM | Needs Triage | 2025-05-09 17:31:36 |