Errors returned from JSON marshaling may break template escaping in html/template
CVE-2024-24785

5.4MEDIUM

Key Information:

Vendor: Go Standard Library
Status: Html/template
Vendor: CVE Published:; 5 March 2024

What is CVE-2024-24785?

This vulnerability arises when user-controlled data is included in errors returned by MarshalJSON methods. Such scenarios disrupt the auto-escaping mechanism of Go's html/template package, making it possible for an attacker to exploit this flaw and inject unintended content into templates. The implications of this vulnerability may affect the integrity and confidentiality of applications utilizing the affected versions of the Go programming language.

Affected Version(s)

html/template 0 < 1.21.8

html/template 1.22.0-0 < 1.22.1

References

https://go.dev/issue/65697

https://go.dev/cl/564196

https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 5, 2024
Vulnerability Reserved
Jan 30, 2024

Credit

RyotaK (https://ryotak.net)