Description
Improper rendering of text nodes in golang.org/x/net/html
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.
Mitigation
Minimal update. May introduce new vulnerabilities or breaking changes.
|
 debian 12 | | =1:0.10.0-1 || =1:0.11.0-1 || =1:0.14.0-1 || =1:0.15.0-1 || =1:0.15.0-2 || =1:0.17.0+dfsg-1 || =1:0.19.0+dfsg-1 || =1:0.20.0+dfsg-1 || =1:0.21.0+dfsg-1 || =1:0.22.0+dfsg-1 || =1:0.23.0+dfsg-1 || =1:0.24.0+dfsg-1 || =1:0.25.0+dfsg-1 || =1:0.26.0+dfsg-1 || =1:0.26.0+dfsg-2 || =1:0.27.0-1 || =1:0.27.0-2 || =1:0.47.0-1 || =1:0.47.0-2 || =1:0.53.0-1 || =1:0.53.0-2 || =1:0.7.0+dfsg-1 | - |
 go | | | 0.13.0 |
debian 11 | | =1:0.0+git20210119.5f4716e+dfsg-4 || =1:0.0+git20210805.aaa1db6+dfsg-1 || =1:0.0+git20211209.491a49a+dfsg-1 || =1:0.0+git20211209.491a49a+dfsg-1~bpo11+1 || =1:0.0+git20220225.27dd868+dfsg-1 || =1:0.0+git20220531.c960675+dfsg-1 || =1:0.0+git20220624.1bab6f3+dfsg-1 || =1:0.0+git20220728.c7608f3+dfsg-1 || =1:0.0+git20220728.c7608f3+dfsg-2 || =1:0.0+git20220728.c7608f3+dfsg-2~bpo11+1 || =1:0.0+git20221012.0b7e1fb+dfsg-1 || =1:0.0+git20221012.0b7e1fb+dfsg-1~bpo11+1 || =1:0.1.0+dfsg-1 || =1:0.10.0-1 || =1:0.11.0-1 || =1:0.14.0-1 || =1:0.15.0-1 || =1:0.15.0-2 || =1:0.17.0+dfsg-1 || =1:0.19.0+dfsg-1 || =1:0.20.0+dfsg-1 || =1:0.21.0+dfsg-1 || =1:0.22.0+dfsg-1 || =1:0.23.0+dfsg-1 || =1:0.24.0+dfsg-1 || =1:0.25.0+dfsg-1 || =1:0.26.0+dfsg-1 || =1:0.26.0+dfsg-2 || =1:0.27.0-1 || =1:0.27.0-2 || =1:0.4.0+dfsg-1 || =1:0.47.0-1 || =1:0.47.0-2 || =1:0.53.0-1 || =1:0.53.0-2 || =1:0.7.0+dfsg-1 | - |
debian 13 | | | 1:0.14.0-1 |
debian 14 | | | 1:0.14.0-1 |
go | | | 0.13.0 |
 rpm rhel8 | | - | - |
rpm rhel9 | | - | - |
rpm rhel7 | | - | - |
rpm rhel9 | | | 2:4.6.1-5.el9 |
