Bug 2268022 (CVE-2024-24785) - CVE-2024-24785 golang: html/template: errors returned from MarshalJSON methods may break template escaping
Summary: CVE-2024-24785 golang: html/template: errors returned from MarshalJSON method...
Keywords:
Status: NEW
Alias: CVE-2024-24785
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2268254 2276484 2276485 2276486 2276487 2276488 2276489 2276490 2276491 2276492 2276493 2276494 2280891 2292184 2292185 2268255 2268256 2276495
Blocks: 2268016
TreeView+ depends on / blocked
 
Reported: 2024-03-06 02:11 UTC by Robb Gatica
Modified: 2024-06-20 15:40 UTC (History)
104 users (show)

Fixed In Version: go 1.21.8, go 1.22.1
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2024:4031 0 None None None 2024-06-20 14:51:57 UTC
Red Hat Product Errata RHBA-2024:4032 0 None None None 2024-06-20 14:52:15 UTC
Red Hat Product Errata RHBA-2024:4033 0 None None None 2024-06-20 15:40:02 UTC
Red Hat Product Errata RHSA-2024:2562 0 None None None 2024-04-30 14:39:52 UTC
Red Hat Product Errata RHSA-2024:3259 0 None None None 2024-05-22 11:37:46 UTC
Red Hat Product Errata RHSA-2024:3621 0 None None None 2024-06-05 05:15:54 UTC
Red Hat Product Errata RHSA-2024:3790 0 None None None 2024-06-11 02:33:32 UTC
Red Hat Product Errata RHSA-2024:3868 0 None None None 2024-06-17 00:44:21 UTC
Red Hat Product Errata RHSA-2024:4023 0 None None None 2024-06-20 12:37:45 UTC
Red Hat Product Errata RHSA-2024:4028 0 None None None 2024-06-20 13:20:15 UTC

Description Robb Gatica 2024-03-06 02:11:26 UTC 
If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the
html/template package, allowing for subsequent actions to inject unexpected content into templates.

https://github.com/golang/go/issues/65697
Comment 3 Robb Gatica 2024-03-06 19:47:39 UTC 
Created golang tracking bugs for this issue:

Affects: epel-all [bug 2268255]
Affects: fedora-all [bug 2268254]
Comment 14 errata-xmlrpc 2024-04-30 14:39:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:2562 https://access.redhat.com/errata/RHSA-2024:2562
Comment 19 errata-xmlrpc 2024-05-22 11:37:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:3259 https://access.redhat.com/errata/RHSA-2024:3259
Comment 20 errata-xmlrpc 2024-06-05 05:15:46 UTC 
This issue has been addressed in the following products:

  Red Hat Openshift distributed tracing 3.2

Via RHSA-2024:3621 https://access.redhat.com/errata/RHSA-2024:3621
Comment 22 errata-xmlrpc 2024-06-11 02:33:25 UTC 
This issue has been addressed in the following products:

  OADP-1.3-RHEL-9

Via RHSA-2024:3790 https://access.redhat.com/errata/RHSA-2024:3790
Comment 25 errata-xmlrpc 2024-06-17 00:44:14 UTC 
This issue has been addressed in the following products:

  NETWORK-OBSERVABILITY-1.6.0-RHEL-9

Via RHSA-2024:3868 https://access.redhat.com/errata/RHSA-2024:3868
Comment 26 errata-xmlrpc 2024-06-20 12:37:37 UTC 
This issue has been addressed in the following products:

  Openshift Serverless 1 on RHEL 8

Via RHSA-2024:4023 https://access.redhat.com/errata/RHSA-2024:4023
Comment 27 errata-xmlrpc 2024-06-20 13:20:08 UTC 
This issue has been addressed in the following products:

  RHOSS-1.33-RHEL-8

Via RHSA-2024:4028 https://access.redhat.com/errata/RHSA-2024:4028
Note You need to log in before you can comment on or make changes to this bug.