Bug 2184481 (CVE-2023-24538) - CVE-2023-24538 golang: html/template: backticks not treated as string delimiters
Summary: CVE-2023-24538 golang: html/template: backticks not treated as string delimiters
Keywords:
Status: NEW
Alias: CVE-2023-24538
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Importance: medium (priority), medium (severity)
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2186205 2186206 2186207 2187314 2187315 2187316 2187317 2187318 2187319 2187320 2187321 2187322 2187323 2187330 2187331 2187332 2187333 2187334 2187335 2187336 2187337 2187338 2187339 2187340 2187341 2187342 2187343 2187344 2187345 2188999 2189000 2189001 2189002 2189003 2189004 2189005 2189006 2189007 2189008 2189009 2189010 2189011 2189012 2189013 2189014 2189015 2189016 2189017
Blocks: 2184485
Reported: 2023-04-04 20:21 UTC by Pedro Sampaio
Modified: 2024-02-08 16:58 UTC (History)
CC List: 145 users

Fixed In Version: golang 1.20.3, golang 1.19.8
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Go html/template package. Backticks (`) were not treated as JavaScript string delimiters, so a template action placed inside a JavaScript template literal was not escaped as expected. By supplying specially crafted data to such a template, a remote attacker can terminate the literal and inject arbitrary JavaScript into the rendered page, which then runs in the browser of anyone viewing it (cross-site scripting); the flaw does not give code execution on the server.
Clone Of:
Environment:
Last Closed:
Embargoed:

Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHBA-2023:6108 | 0 | None | None | None | 2023-10-25 12:15:32 UTC
Red Hat Product Errata | RHSA-2023:3323 | 0 | None | None | None | 2023-05-25 12:26:07 UTC
Red Hat Product Errata | RHSA-2023:3367 | 0 | None | None | None | 2023-06-07 01:50:48 UTC
Red Hat Product Errata | RHSA-2023:3445 | 0 | None | None | None | 2023-06-05 14:08:16 UTC
Red Hat Product Errata | RHSA-2023:3450 | 0 | None | None | None | 2023-06-05 16:44:23 UTC
Red Hat Product Errata | RHSA-2023:3455 | 0 | None | None | None | 2023-06-05 23:42:56 UTC
Red Hat Product Errata | RHSA-2023:3540 | 0 | None | None | None | 2023-06-13 15:32:35 UTC
Red Hat Product Errata | RHSA-2023:3612 | 0 | None | None | None | 2023-06-23 04:39:44 UTC
Red Hat Product Errata | RHSA-2023:3624 | 0 | None | None | None | 2023-06-15 09:48:19 UTC
Red Hat Product Errata | RHSA-2023:3918 | 0 | None | None | None | 2023-06-29 00:59:12 UTC
Red Hat Product Errata | RHSA-2023:3943 | 0 | None | None | None | 2023-06-29 14:32:39 UTC
Red Hat Product Errata | RHSA-2023:4003 | 0 | None | None | None | 2023-07-10 08:51:27 UTC
Red Hat Product Errata | RHSA-2023:4093 | 0 | None | None | None | 2023-07-20 17:28:57 UTC
Red Hat Product Errata | RHSA-2023:4335 | 0 | None | None | None | 2023-08-08 00:36:27 UTC
Red Hat Product Errata | RHSA-2023:4470 | 0 | None | None | None | 2023-08-03 14:12:52 UTC
Red Hat Product Errata | RHSA-2023:4627 | 0 | None | None | None | 2023-08-14 01:02:44 UTC
Red Hat Product Errata | RHSA-2023:4657 | 0 | None | None | None | 2023-08-23 00:18:03 UTC
Red Hat Product Errata | RHSA-2023:4664 | 0 | None | None | None | 2023-08-16 14:09:34 UTC
Red Hat Product Errata | RHSA-2023:4986 | 0 | None | None | None | 2023-09-06 07:56:23 UTC
Red Hat Product Errata | RHSA-2023:5964 | 0 | None | None | None | 2023-10-20 14:57:16 UTC
Red Hat Product Errata | RHSA-2023:6346 | 0 | None | None | None | 2023-11-07 08:13:31 UTC
Red Hat Product Errata | RHSA-2023:6363 | 0 | None | None | None | 2023-11-07 08:14:03 UTC
Red Hat Product Errata | RHSA-2023:6402 | 0 | None | None | None | 2023-11-07 08:15:52 UTC
Red Hat Product Errata | RHSA-2023:6473 | 0 | None | None | None | 2023-11-07 08:17:06 UTC
Red Hat Product Errata | RHSA-2023:6474 | 0 | None | None | None | 2023-11-07 08:17:38 UTC
Red Hat Product Errata | RHSA-2023:6938 | 0 | None | None | None | 2023-11-14 15:16:37 UTC
Red Hat Product Errata | RHSA-2023:6939 | 0 | None | None | None | 2023-11-14 15:17:20 UTC
Red Hat Product Errata | RHSA-2024:0746 | 0 | None | None | None | 2024-02-08 16:58:28 UTC

Description Pedro Sampaio 2023-04-04 20:21:00 UTC
Templates did not properly consider backticks (`) as Javascript string delimiters, and as such did
not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template
contained a Go template action within a Javascript template literal, the contents of the action could
be used to terminate the literal, injecting arbitrary Javascript code into the Go template.

References:

https://github.com/golang/go/issues/59234
https://github.com/golang/go/issues/59272
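The pattern the description above refers to, as an added example that is not part of the original report or of the Go project's own code. It renders a template action inside a JavaScript template literal with two constructed payloads: one closes the literal with a raw backtick, as described above; the other never leaves the literal but uses a ${...} substitution, which the report does not mention but which a template literal also evaluates. It then classifies what the running toolchain does: unpatched releases pass the backtick through, Go 1.20.3 / 1.19.8 refuse to execute the template (ErrJSTemplate), and later releases escape the action's output. It also shows the pattern that is safe on every release: bind the value in a plain JavaScript expression position, where html/template emits a JSON string literal, and keep actions out of template literals. The payloads and the helpers render, between, literalIntact, Verdict and SafeRender are this example's own names, not html/template API.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
	"strings"
)

// Constructed attacker inputs (not taken from the report). The first ends the
// template literal with a raw backtick; the second stays inside the literal
// but uses a ${...} substitution, which a template literal also evaluates.
var payloads = []string{
	"`; alert(document.cookie); `",
	"${alert(document.cookie)}",
}

// vulnerableTmpl is the pattern the report describes: a template action
// placed inside a JavaScript template literal.
const vulnerableTmpl = "<script>var greeting = `Hello {{.}}`;</script>"

// safeTmpl works on every Go release: the value is bound in a plain JS
// expression position, where html/template emits a JSON string literal, and
// only then used from a template literal that contains no actions.
const safeTmpl = "<script>var name = {{.}}; var greeting = `Hello ${name}`;</script>"

// render parses and executes tmpl. The escaping error is returned rather than
// treated as fatal because Go 1.20.3 / 1.19.8 reject actions inside template
// literals at execution time (ErrJSTemplate) instead of rendering them.
func render(tmpl string, data any) (string, error) {
	t, err := template.New("t").Parse(tmpl)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, data); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// between returns the text of s strictly between the first start marker and
// the end marker that follows it, or "" if either is missing.
func between(s, start, end string) string {
	i := strings.Index(s, start)
	if i < 0 {
		return ""
	}
	s = s[i+len(start):]
	j := strings.Index(s, end)
	if j < 0 {
		return ""
	}
	return s[:j]
}

// literalIntact reports whether js is exactly one JavaScript template literal
// followed by ';': it must open and close with a backtick, and in between
// there may be no unescaped backtick (which would end the literal early) and
// no "${" (which would evaluate what follows as code). Backslash escapes,
// including the \u0060 form patched toolchains emit, are skipped.
func literalIntact(js string) bool {
	if !strings.HasPrefix(js, "`") || !strings.HasSuffix(js, "`;") {
		return false
	}
	body := js[1 : len(js)-2]
	for i := 0; i < len(body); i++ {
		switch body[i] {
		case '\\':
			i++ // escaped character: still inside the literal
		case '`':
			return false // literal terminated early; the rest is code
		case '$':
			if i+1 < len(body) && body[i+1] == '{' {
				return false // substitution: code evaluated inside the literal
			}
		}
	}
	return true
}

// Verdict classifies how the running toolchain handles vulnerableTmpl with
// the given payload: "rejected" (execution error), "escaped" (literal intact)
// or "vulnerable" (payload broke out of the literal). The second value is the
// error text or the rendered output.
func Verdict(payload string) (string, string) {
	out, err := render(vulnerableTmpl, payload)
	if err != nil {
		return "rejected", err.Error()
	}
	if literalIntact(between(out, "var greeting = ", "</script>")) {
		return "escaped", out
	}
	return "vulnerable", out
}

// SafeRender renders safeTmpl with the payload; the output is the same on
// patched and unpatched toolchains because no action sits inside a literal.
func SafeRender(payload string) (string, error) {
	return render(safeTmpl, payload)
}

func main() {
	for _, p := range payloads {
		v, detail := Verdict(p)
		fmt.Printf("%-10s payload %q\n  %s\n", v, p, detail)
	}
	out, err := SafeRender(payloads[0])
	fmt.Println("safe pattern:", out, err)
}
```

Run it with the same toolchain and environment the service is built with: a "vulnerable" verdict means the Go version predates the fix, and in the patched 1.20 series GODEBUG=jstmpllitinterp=1 restores the old interpolation, so the check must see the same GODEBUG the deployment uses. Note that the JSON string emitted by the safe pattern still contains the raw backticks; that is fine, because they sit inside a double-quoted string literal rather than inside a template literal.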

Comment 9 Avinash Hanwate 2023-04-24 04:54:33 UTC
Created golang tracking bugs for this issue:

Affects: epel-all [bug 2188999]
Affects: fedora-all [bug 2189000]

Comment 18 errata-xmlrpc 2023-05-25 12:26:02 UTC
This issue has been addressed in the following products:

  Red Hat Developer Tools

Via RHSA-2023:3323 https://access.redhat.com/errata/RHSA-2023:3323

Comment 20 errata-xmlrpc 2023-06-05 14:08:08 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 16.2

Via RHSA-2023:3445 https://access.redhat.com/errata/RHSA-2023:3445

Comment 21 errata-xmlrpc 2023-06-05 16:44:18 UTC
This issue has been addressed in the following products:

  Openshift Serverless 1 on RHEL 8

Via RHSA-2023:3450 https://access.redhat.com/errata/RHSA-2023:3450

Comment 22 errata-xmlrpc 2023-06-05 23:42:49 UTC
This issue has been addressed in the following products:

  RHOSS-1.29-RHEL-8

Via RHSA-2023:3455 https://access.redhat.com/errata/RHSA-2023:3455

Comment 23 errata-xmlrpc 2023-06-07 01:50:41 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2023:3367 https://access.redhat.com/errata/RHSA-2023:3367

Comment 24 errata-xmlrpc 2023-06-13 15:32:28 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2023:3540 https://access.redhat.com/errata/RHSA-2023:3540

Comment 27 errata-xmlrpc 2023-06-15 09:48:11 UTC
This issue has been addressed in the following products:

  Red Hat Migration Toolkit for Containers 1.7

Via RHSA-2023:3624 https://access.redhat.com/errata/RHSA-2023:3624

Comment 28 errata-xmlrpc 2023-06-23 04:39:38 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2023:3612 https://access.redhat.com/errata/RHSA-2023:3612

Comment 29 errata-xmlrpc 2023-06-29 00:59:06 UTC
This issue has been addressed in the following products:

  OADP-1.1-RHEL-8

Via RHSA-2023:3918 https://access.redhat.com/errata/RHSA-2023:3918

Comment 30 errata-xmlrpc 2023-06-29 14:32:33 UTC
This issue has been addressed in the following products:

  RHACS-4.1-RHEL-8

Via RHSA-2023:3943 https://access.redhat.com/errata/RHSA-2023:3943

Comment 32 errata-xmlrpc 2023-07-10 08:51:21 UTC
This issue has been addressed in the following products:

  Service Interconnect 1 for RHEL 8
  Service Interconnect 1 for RHEL 9

Via RHSA-2023:4003 https://access.redhat.com/errata/RHSA-2023:4003

Comment 35 errata-xmlrpc 2023-07-20 17:28:52 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13
  Ironic content for Red Hat OpenShift Container Platform 4.13

Via RHSA-2023:4093 https://access.redhat.com/errata/RHSA-2023:4093

Comment 37 errata-xmlrpc 2023-08-03 14:12:45 UTC
This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.3 for RHEL 8

Via RHSA-2023:4470 https://access.redhat.com/errata/RHSA-2023:4470

Comment 38 errata-xmlrpc 2023-08-08 00:36:22 UTC
This issue has been addressed in the following products:

  CERT-MANAGER-1.10-RHEL-9

Via RHSA-2023:4335 https://access.redhat.com/errata/RHSA-2023:4335

Comment 39 errata-xmlrpc 2023-08-14 01:02:37 UTC
This issue has been addressed in the following products:

  MTA-6.2-RHEL-9
  MTA-6.2-RHEL-8

Via RHSA-2023:4627 https://access.redhat.com/errata/RHSA-2023:4627

Comment 40 errata-xmlrpc 2023-08-16 14:09:29 UTC
This issue has been addressed in the following products:

  RHEL-9-CNV-4.13

Via RHSA-2023:4664 https://access.redhat.com/errata/RHSA-2023:4664

Comment 41 errata-xmlrpc 2023-08-23 00:17:57 UTC
This issue has been addressed in the following products:

  OSSO-1.1-RHEL-8

Via RHSA-2023:4657 https://access.redhat.com/errata/RHSA-2023:4657

Comment 42 errata-xmlrpc 2023-09-06 07:56:16 UTC
This issue has been addressed in the following products:

  Red Hat Openshift distributed tracing 2.9

Via RHSA-2023:4986 https://access.redhat.com/errata/RHSA-2023:4986

Comment 43 errata-xmlrpc 2023-10-20 14:57:09 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 16.2

Via RHSA-2023:5964 https://access.redhat.com/errata/RHSA-2023:5964

Comment 44 errata-xmlrpc 2023-11-07 08:13:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:6346 https://access.redhat.com/errata/RHSA-2023:6346

Comment 45 errata-xmlrpc 2023-11-07 08:13:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:6363 https://access.redhat.com/errata/RHSA-2023:6363

Comment 46 errata-xmlrpc 2023-11-07 08:15:45 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:6402 https://access.redhat.com/errata/RHSA-2023:6402

Comment 47 errata-xmlrpc 2023-11-07 08:16:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:6473 https://access.redhat.com/errata/RHSA-2023:6473

Comment 48 errata-xmlrpc 2023-11-07 08:17:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:6474 https://access.redhat.com/errata/RHSA-2023:6474

Comment 49 errata-xmlrpc 2023-11-14 15:16:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:6938 https://access.redhat.com/errata/RHSA-2023:6938

Comment 50 errata-xmlrpc 2023-11-14 15:17:11 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:6939 https://access.redhat.com/errata/RHSA-2023:6939

Comment 51 errata-xmlrpc 2024-02-08 16:58:18 UTC
This issue has been addressed in the following products:

  Red Hat Ceph Storage 5.3

Via RHSA-2024:0746 https://access.redhat.com/errata/RHSA-2024:0746
