Bug 2268022 (CVE-2024-24785) - CVE-2024-24785 golang: html/template: errors returned from MarshalJSON methods may break template escaping
Summary: CVE-2024-24785 golang: html/template: errors returned from MarshalJSON method...
Keywords:
Status: NEW
Alias: CVE-2024-24785
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2268254 2276485 2276486 2276487 2276488 2276490 2276491 2276492 2276493 2280891 2292184 2292185 2268255 2268256 2276484 2276489 2276494 2276495
Blocks: 2268016
TreeView+ depends on / blocked
 
Reported: 2024-03-06 02:11 UTC by Robb Gatica
Modified: 2024-09-03 11:45 UTC (History)
104 users (show)

Fixed In Version: go 1.21.8, go 1.22.1
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2024:4031 0 None None None 2024-06-20 14:51:57 UTC
Red Hat Product Errata RHBA-2024:4032 0 None None None 2024-06-20 14:52:15 UTC
Red Hat Product Errata RHBA-2024:4033 0 None None None 2024-06-20 15:40:02 UTC
Red Hat Product Errata RHSA-2024:0041 0 None None None 2024-06-27 11:24:05 UTC
Red Hat Product Errata RHSA-2024:0045 0 None None None 2024-06-27 13:01:21 UTC
Red Hat Product Errata RHSA-2024:1616 0 None None None 2024-07-01 00:29:18 UTC
Red Hat Product Errata RHSA-2024:2562 0 None None None 2024-04-30 14:39:52 UTC
Red Hat Product Errata RHSA-2024:3259 0 None None None 2024-05-22 11:37:46 UTC
Red Hat Product Errata RHSA-2024:3617 0 None None None 2024-07-01 00:53:05 UTC
Red Hat Product Errata RHSA-2024:3621 0 None None None 2024-06-05 05:15:54 UTC
Red Hat Product Errata RHSA-2024:3637 0 None None None 2024-07-01 00:39:54 UTC
Red Hat Product Errata RHSA-2024:3790 0 None None None 2024-06-11 02:33:32 UTC
Red Hat Product Errata RHSA-2024:3868 0 None None None 2024-06-17 00:44:21 UTC
Red Hat Product Errata RHSA-2024:4023 0 None None None 2024-06-20 12:37:45 UTC
Red Hat Product Errata RHSA-2024:4028 0 None None None 2024-06-20 13:20:15 UTC
Red Hat Product Errata RHSA-2024:4520 0 None None None 2024-07-11 17:32:59 UTC
Red Hat Product Errata RHSA-2024:4591 0 None None None 2024-07-17 13:15:16 UTC
Red Hat Product Errata RHSA-2024:4893 0 None None None 2024-07-29 00:17:03 UTC
Red Hat Product Errata RHSA-2024:6221 0 None None None 2024-09-03 11:45:20 UTC

Description Robb Gatica 2024-03-06 02:11:26 UTC
If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the
html/template package, allowing for subsequent actions to inject unexpected content into templates.

https://github.com/golang/go/issues/65697

Comment 3 Robb Gatica 2024-03-06 19:47:39 UTC
Created golang tracking bugs for this issue:

Affects: epel-all [bug 2268255]
Affects: fedora-all [bug 2268254]

Comment 14 errata-xmlrpc 2024-04-30 14:39:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:2562 https://access.redhat.com/errata/RHSA-2024:2562

Comment 19 errata-xmlrpc 2024-05-22 11:37:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:3259 https://access.redhat.com/errata/RHSA-2024:3259

Comment 20 errata-xmlrpc 2024-06-05 05:15:46 UTC
This issue has been addressed in the following products:

  Red Hat Openshift distributed tracing 3.2

Via RHSA-2024:3621 https://access.redhat.com/errata/RHSA-2024:3621

Comment 22 errata-xmlrpc 2024-06-11 02:33:25 UTC
This issue has been addressed in the following products:

  OADP-1.3-RHEL-9

Via RHSA-2024:3790 https://access.redhat.com/errata/RHSA-2024:3790

Comment 25 errata-xmlrpc 2024-06-17 00:44:14 UTC
This issue has been addressed in the following products:

  NETWORK-OBSERVABILITY-1.6.0-RHEL-9

Via RHSA-2024:3868 https://access.redhat.com/errata/RHSA-2024:3868

Comment 26 errata-xmlrpc 2024-06-20 12:37:37 UTC
This issue has been addressed in the following products:

  Openshift Serverless 1 on RHEL 8

Via RHSA-2024:4023 https://access.redhat.com/errata/RHSA-2024:4023

Comment 27 errata-xmlrpc 2024-06-20 13:20:08 UTC
This issue has been addressed in the following products:

  RHOSS-1.33-RHEL-8

Via RHSA-2024:4028 https://access.redhat.com/errata/RHSA-2024:4028

Comment 28 errata-xmlrpc 2024-06-27 11:23:57 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2024:0041 https://access.redhat.com/errata/RHSA-2024:0041

Comment 29 errata-xmlrpc 2024-06-27 13:01:15 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2024:0045 https://access.redhat.com/errata/RHSA-2024:0045

Comment 30 errata-xmlrpc 2024-07-01 00:29:10 UTC
This issue has been addressed in the following products:

  RODOO-1.1-RHEL-9

Via RHSA-2024:1616 https://access.redhat.com/errata/RHSA-2024:1616

Comment 31 errata-xmlrpc 2024-07-01 00:39:47 UTC
This issue has been addressed in the following products:

  OSSO-1.3-RHEL-9

Via RHSA-2024:3637 https://access.redhat.com/errata/RHSA-2024:3637

Comment 32 errata-xmlrpc 2024-07-01 00:52:57 UTC
This issue has been addressed in the following products:

  KDO-5.0-RHEL-9

Via RHSA-2024:3617 https://access.redhat.com/errata/RHSA-2024:3617

Comment 34 errata-xmlrpc 2024-07-11 17:32:52 UTC
This issue has been addressed in the following products:

  Red Hat Migration Toolkit for Containers 1.7

Via RHSA-2024:4520 https://access.redhat.com/errata/RHSA-2024:4520

Comment 35 errata-xmlrpc 2024-07-17 13:15:07 UTC
This issue has been addressed in the following products:

  RHODF-4.16-RHEL-9

Via RHSA-2024:4591 https://access.redhat.com/errata/RHSA-2024:4591

Comment 36 errata-xmlrpc 2024-07-29 00:16:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2024:4893 https://access.redhat.com/errata/RHSA-2024:4893

Comment 37 errata-xmlrpc 2024-09-03 11:45:14 UTC
This issue has been addressed in the following products:

  OPENSHIFT-BUILDS-1.1-RHEL-8

Via RHSA-2024:6221 https://access.redhat.com/errata/RHSA-2024:6221


Note You need to log in before you can comment on or make changes to this bug.