If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates. https://github.com/golang/go/issues/65697
Created golang tracking bugs for this issue: Affects: epel-all [bug 2268255] Affects: fedora-all [bug 2268254]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:2562 https://access.redhat.com/errata/RHSA-2024:2562