Angle brackets (<>) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in unexpectedly closing the CSS context and allowing for injection of unexpected HMTL, if executed with untrusted input.
Thanks to Juho Nurminen of Mattermost for reporting this issue.
This is CVE-2023-24539 and Go issue https://go.dev/issue/59720.
/cc @golang/security and @golang/release
Angle brackets (<>) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in unexpectedly closing the CSS context and allowing for injection of unexpected HMTL, if executed with untrusted input.
Thanks to Juho Nurminen of Mattermost for reporting this issue.
This is CVE-2023-24539 and Go issue https://go.dev/issue/59720.
/cc @golang/security and @golang/release