CVE-2023-24540
published 2023-05-11

Priority: P344 | critical | 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.55% (71.9th percentile)

Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.

Affected

19 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| debian | golang-1.15 | | |
| debian | golang-1.19 | | |
| go_standard_library | html_template | < 1.19.9 | 1.19.9 |
| go_standard_library | html_template | >= 1.20.0-0 < 1.20.4 | 1.20.4 |
| golang | go | < 1.19.9 | 1.19.9 |
| golang | go | >= 1.20.0 < 1.20.4 | 1.20.4 |
| msrc | azl3_gcc_13.2.0-7_on_azure_linux_3.0 | | |
| msrc | azl3_golang_1.23.7-1_on_azure_linux_3.0 | | |
| msrc | azl3_golang_1.23.9-1_on_azure_linux_3.0 | | |
| msrc | azl3_golang_1.24.3-1_on_azure_linux_3.0 | | |
| msrc | azl3_python-tensorboard_2.16.2-6_on_azure_linux_3.0 | | |
| msrc | azl3_tensorflow_2.16.1-9_on_azure_linux_3.0 | | |
| msrc | cbl2_golang_1.17.13-2_on_cbl_mariner_2.0 | | |
| msrc | cbl2_golang_1.18.8-7_on_cbl_mariner_2.0 | | |
| msrc | cbl2_golang_1.21.6-1_on_cbl_mariner_2.0 | | |
| msrc | cbl2_msft-golang_1.20.11-1_on_cbl_mariner_2.0 | | |
| msrc | cbl2_python-tensorboard_2.11.0-3_on_cbl_mariner_2.0 | | |
| msrc | cbl2_tensorflow_2.11.1-2_on_cbl_mariner_2.0 | | |
| paloalto | pan-os | | |

CVSS provenance

nvd: v3.1, 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv: 9.8 CRITICAL
vendor_debian: 9.8 CRITICAL
vendor_msrc: 9.8 CRITICAL
vendor_redhat: 9.8 CRITICAL
vendor_ubuntu: 7.5 HIGH