 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.1.10.2023.0169 |
| Categoría: | Mageia Linux Local Security Checks |
| Título: | Mageia: Security Advisory (MGASA-2023-0169) |
| Resumen: | The remote host is missing an update for the 'golang' package(s) announced via the MGASA-2023-0169 advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'golang' package(s) announced via the MGASA-2023-0169 advisory. Vulnerability Insight: Angle brackets (<>) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in unexpectedly closing the CSS context and allowing for injection of unexpected HMTL, if executed with untrusted input. (CVE-2023-24539) Not all valid JavaScript whitespace characters were considered to be whitespace. Templates containing whitespace characters outside of the character set '\t\n\f\r\u0020\u2028\u2029' in JavaScript contexts that also contain actions may not be properly sanitized during execution. (CVE-2023-24540) Templates containing actions in unquoted HTML attributes (e.g. 'attr={{.}}') executed with empty input could result in output that would have unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags. (CVE-2023-29400) Affected Software/OS: 'golang' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2023-24539 https://go.dev/cl/491615 https://go.dev/issue/59720 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://pkg.go.dev/vuln/GO-2023-1751 Common Vulnerability Exposure (CVE) ID: CVE-2023-24540 https://go.dev/cl/491616 https://go.dev/issue/59721 https://pkg.go.dev/vuln/GO-2023-1752 Common Vulnerability Exposure (CVE) ID: CVE-2023-29400 https://go.dev/cl/491617 https://go.dev/issue/59722 https://pkg.go.dev/vuln/GO-2023-1753 |
| Copyright | Copyright (C) 2023 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |