If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates. https://github.com/golang/go/issues/65697
Created golang tracking bugs for this issue: Affects: epel-all [bug 2268255] Affects: fedora-all [bug 2268254]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:2562 https://access.redhat.com/errata/RHSA-2024:2562
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:3259 https://access.redhat.com/errata/RHSA-2024:3259
This issue has been addressed in the following products: Red Hat Openshift distributed tracing 3.2 Via RHSA-2024:3621 https://access.redhat.com/errata/RHSA-2024:3621
This issue has been addressed in the following products: OADP-1.3-RHEL-9 Via RHSA-2024:3790 https://access.redhat.com/errata/RHSA-2024:3790
This issue has been addressed in the following products: NETWORK-OBSERVABILITY-1.6.0-RHEL-9 Via RHSA-2024:3868 https://access.redhat.com/errata/RHSA-2024:3868
This issue has been addressed in the following products: Openshift Serverless 1 on RHEL 8 Via RHSA-2024:4023 https://access.redhat.com/errata/RHSA-2024:4023
This issue has been addressed in the following products: RHOSS-1.33-RHEL-8 Via RHSA-2024:4028 https://access.redhat.com/errata/RHSA-2024:4028
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.16 Via RHSA-2024:0041 https://access.redhat.com/errata/RHSA-2024:0041
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.16 Via RHSA-2024:0045 https://access.redhat.com/errata/RHSA-2024:0045
This issue has been addressed in the following products: RODOO-1.1-RHEL-9 Via RHSA-2024:1616 https://access.redhat.com/errata/RHSA-2024:1616
This issue has been addressed in the following products: OSSO-1.3-RHEL-9 Via RHSA-2024:3637 https://access.redhat.com/errata/RHSA-2024:3637
This issue has been addressed in the following products: KDO-5.0-RHEL-9 Via RHSA-2024:3617 https://access.redhat.com/errata/RHSA-2024:3617
This issue has been addressed in the following products: Red Hat Migration Toolkit for Containers 1.7 Via RHSA-2024:4520 https://access.redhat.com/errata/RHSA-2024:4520
This issue has been addressed in the following products: RHODF-4.16-RHEL-9 Via RHSA-2024:4591 https://access.redhat.com/errata/RHSA-2024:4591
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extended Lifecycle Support Via RHSA-2024:4893 https://access.redhat.com/errata/RHSA-2024:4893
This issue has been addressed in the following products: OPENSHIFT-BUILDS-1.1-RHEL-8 Via RHSA-2024:6221 https://access.redhat.com/errata/RHSA-2024:6221