Back to bug 2196029
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Anten Skrabec | 2023-05-08 09:23:32 UTC | Summary | CVE-2023-29400 html/template: improper handling of empty HTML attributes | CVE-2023-29400 golang: html/template: improper handling of empty HTML attributes |
| Anten Skrabec | 2023-05-08 09:26:22 UTC | CC | amctagga, aoconnor, asm, bniver, bodavis, dbenoit, emachado, flucifre, gmeno, mbenjamin, mhackett, mnewsome, sipoyare, sostapov, tstellar, vereddy | |
| Anten Skrabec | 2023-05-08 09:26:32 UTC | CC | abishop, ansmith, aveerama, bbaude, bbuckingham, bcourt, chazlett, cwelton, davidn, dcadzow, debarshir, desktop-qa-list, dkenigsb, dwalsh, eglynn, ehelms, ellin, epacific, fdeutsch, grafana-maint, jcammara, jhardy, jjoyce, jkurik, jligon, jneedle, jnovy, jobarker, joelsmith, jsherril, lhh, lsm5, lzap, mabashia, mboddu, mburns, mcressma, mgarciac, mheon, mhulan, mokumar, myarboro, nathans, nbecker, nmoumoul, ocs-bugs, orabin, oramraz, osapryki, osbuilders, pcreech, pehunt, pjindal, pthomas, rchan, rgarg, rhcos-sst, saroy, scorneli, scox, sgott, shbose, simaishi, smcdonal, smullick, spower, teagle, tsweeney, ubhargav, umohnani, yguenane, zsadeh | |
| Anten Skrabec | 2023-05-08 09:26:49 UTC | CC | amasferr, bdettelb, dsimansk, dymurray, gparvin, ibolton, jcantril, jkoehler, jmatthew, jmontleo, lball, matzew, mkudlej, mrajanna, mwringe, nboldt, njean, owatkins, pahickey, periklis, rhos-maint, rhuss, rjohnson, rrajasek, skontopo, slucidi, sseago, stcannon, tjochec, whayutin | |
| Anten Skrabec | 2023-05-08 09:27:12 UTC | CC | jwendell, rcernich, twalsh | |
| RaTasha Tillery-Smith | 2023-05-08 12:56:46 UTC | CC | adudiak, kshier, tfister | |
| Doc Text | Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input could result in output that would have unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags. | A flaw was found in golang, where templates containing actions in unquoted HTML attributes (for example, "attr={{.}}") executed with empty input could result in output that would have unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into tags. | ||
| Anten Skrabec | 2023-05-09 10:00:14 UTC | Depends On | 2196474, 2196475 | |
| Anten Skrabec | 2023-05-09 10:17:41 UTC | Depends On | 2196482, 2196485, 2196487, 2196488, 2196491, 2196483, 2196481, 2196492, 2196490, 2196484, 2196486, 2196489 | |
| Borja Tarraso | 2023-05-09 12:53:04 UTC | CC | dfreiber, jburrell, rogbas, vkumar | |
| TEJ RATHI | 2023-05-11 15:21:42 UTC | CC | aveerama, bbaude, debarshir, desktop-qa-list, dwalsh, ellin, grafana-maint, jkurik, jligon, jnovy, lsm5, mboddu, mheon, nathans, nboldt, osbuilders, pehunt, pthomas, rgarg, rhcos-sst, scorneli, scox, shbose, tsweeney, ubhargav, umohnani | |
| TEJ RATHI | 2023-05-11 15:22:42 UTC | CC | aveerama, bbaude, debarshir, desktop-qa-list, dwalsh, ellin, grafana-maint, jkurik, jligon, jnovy, lsm5, mboddu, mheon, nathans, osbuilders, pehunt, pthomas, rgarg, rhcos-sst, scorneli, scox, shbose, tsweeney, ubhargav, umohnani | |
| TEJ RATHI | 2023-05-11 15:23:11 UTC | CC | nboldt | |
| TEJ RATHI | 2023-05-11 16:13:16 UTC | Depends On | 2203249, 2203251, 2203250 | |
| Red Hat Bugzilla | 2023-05-15 18:03:43 UTC | CC | rrajasek | |
| Red Hat Bugzilla | 2023-05-15 18:50:37 UTC | CC | dcadzow | |
| TEJ RATHI | 2023-05-16 07:37:23 UTC | Depends On | 2207503, 2207502, 2207505, 2207515, 2207510, 2207509, 2207512, 2207514, 2207511, 2207506, 2207508, 2207504, 2207507, 2207513 | |
| TEJ RATHI | 2023-05-16 07:45:45 UTC | Depends On | 2207519, 2207522, 2207518, 2207521, 2207523, 2207520 | |
| Red Hat Bugzilla | 2023-05-16 09:27:33 UTC | CC | mokumar | |
| Marco Benatto | 2023-05-16 20:55:28 UTC | CC | dperaza, jchui | |
| Marco Benatto | 2023-05-16 20:57:15 UTC | CC | dshah, tkral | |
| errata-xmlrpc | 2023-05-25 12:26:22 UTC | Link ID | Red Hat Product Errata RHSA-2023:3323 | |
| errata-xmlrpc | 2023-05-31 19:38:21 UTC | Link ID | Red Hat Product Errata RHSA-2023:3415 | |
| Red Hat Bugzilla | 2023-05-31 23:37:39 UTC | CC | mrajanna | |
| errata-xmlrpc | 2023-06-05 09:29:01 UTC | Link ID | Red Hat Product Errata RHSA-2023:3435 | |
| errata-xmlrpc | 2023-06-05 14:08:30 UTC | Link ID | Red Hat Product Errata RHSA-2023:3445 | |
| errata-xmlrpc | 2023-06-07 01:51:05 UTC | Link ID | Red Hat Product Errata RHSA-2023:3367 | |
| errata-xmlrpc | 2023-06-13 15:32:41 UTC | Link ID | Red Hat Product Errata RHSA-2023:3540 | |
| Red Hat Bugzilla | 2023-06-14 21:29:50 UTC | CC | mcressma | |
| errata-xmlrpc | 2023-06-28 15:43:02 UTC | Link ID | Red Hat Product Errata RHSA-2023:3905 | |
| errata-xmlrpc | 2023-06-29 00:59:27 UTC | Link ID | Red Hat Product Errata RHSA-2023:3918 | |
| Joel Smith | 2023-06-29 21:45:32 UTC | CC | joelsmith | |
| Doc Type | --- | If docs needed, set a value | ||
| Paige Jung | 2023-06-29 22:03:07 UTC | Doc Text | A flaw was found in golang, where templates containing actions in unquoted HTML attributes (for example, "attr={{.}}") executed with empty input could result in output that would have unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into tags. | A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, "attr={{.}}") executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into tags. |
| Red Hat Bugzilla | 2023-07-07 08:28:51 UTC | Assignee | security-response-team | nobody |
| Carlos O'Donell | 2023-07-09 12:57:33 UTC | CC | mnewsome | |
| errata-xmlrpc | 2023-07-10 08:51:41 UTC | Link ID | Red Hat Product Errata RHSA-2023:4003 | |
| TEJ RATHI | 2023-07-12 04:33:51 UTC | CC | nmontero | |
| TEJ RATHI | 2023-07-12 04:59:16 UTC | Depends On | 2221850 | |
| Chess Hazlett | 2023-07-17 19:04:09 UTC | CC | ataylor, jross, rkieley | |
| errata-xmlrpc | 2023-07-20 17:29:09 UTC | Link ID | Red Hat Product Errata RHSA-2023:4093 | |
| errata-xmlrpc | 2023-07-27 01:14:07 UTC | Link ID | Red Hat Product Errata RHSA-2023:4293 | |
| Red Hat Bugzilla | 2023-08-03 08:28:46 UTC | CC | ocs-bugs | |
| errata-xmlrpc | 2023-08-03 14:12:39 UTC | Link ID | Red Hat Product Errata RHSA-2023:4470 | |
| errata-xmlrpc | 2023-08-03 15:51:37 UTC | Link ID | Red Hat Product Errata RHSA-2023:4472 | |
| errata-xmlrpc | 2023-08-08 00:36:42 UTC | Link ID | Red Hat Product Errata RHSA-2023:4335 | |
| errata-xmlrpc | 2023-08-08 11:30:19 UTC | Link ID | Red Hat Product Errata RHSA-2023:4459 | |
| errata-xmlrpc | 2023-08-14 01:03:04 UTC | Link ID | Red Hat Product Errata RHSA-2023:4627 | |
| errata-xmlrpc | 2023-08-16 14:09:53 UTC | Link ID | Red Hat Product Errata RHSA-2023:4664 |
Back to bug 2196029