Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.
History

Fri, 24 Jan 2025 17:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-94
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 13 Dec 2024 14:45:00 +0000

Type Values Removed Values Added
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Go

Published: 2023-05-11T15:29:24.874Z

Updated: 2025-01-24T16:47:46.724Z

Reserved: 2023-04-05T19:36:35.042Z

Link: CVE-2023-29400

cve-icon Vulnrichment

Updated: 2024-12-13T13:09:23.252Z

cve-icon NVD

Status : Modified

Published: 2023-05-11T16:15:09.850

Modified: 2025-01-24T17:15:12.747

Link: CVE-2023-29400

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-04-20T00:00:00Z

Links: CVE-2023-29400 - Bugzilla