More information
#### Details
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.
#### Severity
Unknown
#### References
- [https://go.dev/issue/61615](https://go.dev/issue/61615)
- [https://go.dev/cl/514896](https://go.dev/cl/514896)
This data is provided by [OSV](https://osv.dev/vulnerability/GO-2023-1988) and the [Go Vulnerability Database](https://togithub.com/golang/vulndb) ([CC-BY 4.0](https://togithub.com/golang/vulndb#license)).
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
â™» Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
v0.7.0
->v0.13.0
Improper rendering of text nodes in golang.org/x/net/html
CVE-2023-3978 / GO-2023-1988
More information
#### Details Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack. #### Severity Unknown #### References - [https://go.dev/issue/61615](https://go.dev/issue/61615) - [https://go.dev/cl/514896](https://go.dev/cl/514896) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2023-1988) and the [Go Vulnerability Database](https://togithub.com/golang/vulndb) ([CC-BY 4.0](https://togithub.com/golang/vulndb#license)).Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
â™» Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.