DEBIAN-CVE-2023-24540
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 11 May 2023, 16:15
Last modified:28 Apr 2026, 20:25
Vulnerability Summary
Overall Risk (default)
high
70/100 CVSS Score
9.8 CRITICAL
3.1 (osv_debian)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
11 May 2023, 16:15
Published
Vulnerability first disclosed
28 Apr 2026, 20:25
Last Modified
Vulnerability information updated
Description
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.
CVSS Metrics
- v3.1•CRITICAL•Score: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Systems
- debian•golang-1.15
all
- debian•golang-1.19
all