{"id":"GO-2023-1751","summary":"Improper sanitization of CSS values in html/template","details":"Angle brackets (\u003c\u003e) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input.","aliases":["BIT-golang-2023-24539","CVE-2023-24539"],"modified":"2026-02-04T04:31:56.779446Z","published":"2023-05-05T21:10:20Z","related":["CGA-fh88-rpf7-h83h"],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2023-1751","review_status":"REVIEWED"},"references":[{"type":"REPORT","url":"https://go.dev/issue/59720"},{"type":"FIX","url":"https://go.dev/cl/491615"},{"type":"WEB","url":"https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU"}],"affected":[{"package":{"name":"stdlib","ecosystem":"Go","purl":"pkg:golang/stdlib"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.19.9"},{"introduced":"1.20.0-0"},{"fixed":"1.20.4"}]}],"ecosystem_specific":{"imports":[{"path":"html/template","symbols":["Template.Execute","Template.ExecuteTemplate","cssValueFilter","escaper.commit"]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2023-1751.json"}}],"schema_version":"1.7.3","credits":[{"name":"Juho Nurminen of Mattermost"}]}