{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3978", "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "state": "PUBLISHED", "assignerShortName": "Go", "dateReserved": "2023-07-27T17:05:38.856Z", "datePublished": "2023-08-02T19:48:56.676Z", "dateUpdated": "2024-08-02T07:08:50.711Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go", "dateUpdated": "2023-08-02T19:48:56.676Z"}, "title": "Improper rendering of text nodes in golang.org/x/net/html", "descriptions": [{"lang": "en", "value": "Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack."}], "affected": [{"vendor": "golang.org/x/net", "product": "golang.org/x/net/html", "collectionURL": "https://pkg.go.dev", "packageName": "golang.org/x/net/html", "versions": [{"version": "0", "lessThan": "0.13.0", "status": "affected", "versionType": "semver"}], "programRoutines": [{"name": "render1"}, {"name": "Render"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "references": [{"url": "https://go.dev/issue/61615"}, {"url": "https://go.dev/cl/514896"}, {"url": "https://pkg.go.dev/vuln/GO-2023-1988"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:08:50.711Z"}, "title": "CVE Program Container", "references": [{"url": "https://go.dev/issue/61615", "tags": ["x_transferred"]}, {"url": "https://go.dev/cl/514896", "tags": ["x_transferred"]}, {"url": "https://pkg.go.dev/vuln/GO-2023-1988", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:golang:networking:*:*:*:*:*:go:*:*", "matchCriteriaId": "791C8F5E-A214-4005-891D-B6FBD968A55C", "versionEndExcluding": "0.13.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack."}], "id": "CVE-2023-3978", "lastModified": "2023-11-07T04:20:03.647", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-02T20:15:12.097", "references": [{"source": "security@golang.org", "tags": ["Patch"], "url": "https://go.dev/cl/514896"}, {"source": "security@golang.org", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://go.dev/issue/61615"}, {"source": "security@golang.org", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://pkg.go.dev/vuln/GO-2023-1988"}], "sourceIdentifier": "security@golang.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:6031", "cpe": "cpe:/a:redhat:cryostat:2::el8", "package": "cryostat-tech-preview/cryostat-rhel8-operator:2.3.1-11", "product_name": "Cryostat 2 on RHEL 8", "release_date": "2023-10-23T00:00:00Z"}, {"advisory": "RHBA-2023:6109", "cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2.4::el8", "package": "migration-toolkit-virtualization/mtv-rhel8-operator:2.4.3-3", "product_name": "Migration Toolkit for Virtualization 2.4", "release_date": "2023-10-25T00:00:00Z"}, {"advisory": "RHSA-2023:6938", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "container-tools:4.0-8090020230828093056.e7857ab1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-11-14T00:00:00Z"}, {"advisory": "RHSA-2023:6939", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "container-tools:rhel8-8090020230825121312.e7857ab1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-11-14T00:00:00Z"}, {"advisory": "RHSA-2023:6474", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "podman-2:4.6.1-5.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-07T00:00:00Z"}, {"advisory": "RHSA-2023:5888", "cpe": "cpe:/a:redhat:rhmt:1.7::el8", "package": "rhmtc/openshift-migration-controller-rhel8:v1.7.13-4", "product_name": "Red Hat Migration Toolkit for Containers 1.7", "release_date": "2023-10-19T00:00:00Z"}, {"advisory": "RHSA-2023:5888", "cpe": "cpe:/a:redhat:rhmt:1.7::el8", "package": "rhmtc/openshift-migration-hook-runner-rhel8:v1.7.13-3", "product_name": "Red Hat Migration Toolkit for Containers 1.7", "release_date": "2023-10-19T00:00:00Z"}, {"advisory": "RHSA-2023:5888", "cpe": "cpe:/a:redhat:rhmt:1.7::el8", "package": "rhmtc/openshift-migration-legacy-rhel8-operator:v1.7.13-6", "product_name": "Red Hat Migration Toolkit for Containers 1.7", "release_date": "2023-10-19T00:00:00Z"}, {"advisory": "RHSA-2023:5888", "cpe": "cpe:/a:redhat:rhmt:1.7::el8", "package": "rhmtc/openshift-migration-log-reader-rhel8:v1.7.13-3", "product_name": "Red Hat Migration Toolkit for Containers 1.7", "release_date": "2023-10-19T00:00:00Z"}, {"advisory": "RHSA-2023:5888", "cpe": "cpe:/a:redhat:rhmt:1.7::el8", "package": "rhmtc/openshift-migration-must-gather-rhel8:v1.7.13-4", "product_name": "Red Hat Migration Toolkit for Containers 1.7", "release_date": "2023-10-19T00:00:00Z"}, {"advisory": "RHSA-2023:5888", "cpe": "cpe:/a:redhat:rhmt:1.7::el8", "package": "rhmtc/openshift-migration-openvpn-rhel8:v1.7.13-3", "product_name": "Red Hat Migration Toolkit for Containers 1.7", "release_date": "2023-10-19T00:00:00Z"}, {"advisory": "RHSA-2023:5888", "cpe": "cpe:/a:redhat:rhmt:1.7::el8", "package": "rhmtc/openshift-migration-operator-bundle:v1.7.13-3", "product_name": "Red Hat Migration Toolkit for Containers 1.7", "release_date": "2023-10-19T00:00:00Z"}, {"advisory": "RHSA-2023:5888", "cpe": "cpe:/a:redhat:rhmt:1.7::el8", "package": "rhmtc/openshift-migration-registry-rhel8:v1.7.13-3", "product_name": "Red Hat Migration Toolkit for Containers 1.7", "release_date": "2023-10-19T00:00:00Z"}, {"advisory": "RHSA-2023:5888", "cpe": "cpe:/a:redhat:rhmt:1.7::el8", "package": "rhmtc/openshift-migration-rhel8-operator:v1.7.13-6", "product_name": "Red Hat Migration Toolkit for Containers 1.7", "release_date": "2023-10-19T00:00:00Z"}, {"advisory": "RHSA-2023:5888", "cpe": "cpe:/a:redhat:rhmt:1.7::el8", "package": "rhmtc/openshift-migration-rsync-transfer-rhel8:v1.7.13-3", "product_name": "Red Hat Migration Toolkit for Containers 1.7", "release_date": "2023-10-19T00:00:00Z"}, {"advisory": "RHSA-2023:5888", "cpe": "cpe:/a:redhat:rhmt:1.7::el8", "package": "rhmtc/openshift-migration-ui-rhel8:v1.7.13-4", "product_name": "Red Hat Migration Toolkit for Containers 1.7", "release_date": "2023-10-19T00:00:00Z"}, {"advisory": "RHSA-2023:5888", "cpe": "cpe:/a:redhat:rhmt:1.7::el8", "package": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8:v1.7.13-3", "product_name": "Red Hat Migration Toolkit for Containers 1.7", "release_date": "2023-10-19T00:00:00Z"}, {"advisory": "RHSA-2023:5888", "cpe": "cpe:/a:redhat:rhmt:1.7::el8", "package": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8:v1.7.13-2", "product_name": "Red Hat Migration Toolkit for Containers 1.7", "release_date": "2023-10-19T00:00:00Z"}, {"advisory": "RHSA-2023:5888", "cpe": "cpe:/a:redhat:rhmt:1.7::el8", "package": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8:v1.7.13-3", "product_name": "Red Hat Migration Toolkit for Containers 1.7", "release_date": "2023-10-19T00:00:00Z"}, {"advisory": "RHSA-2023:5888", "cpe": "cpe:/a:redhat:rhmt:1.7::el8", "package": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8:v1.7.13-4", "product_name": "Red Hat Migration Toolkit for Containers 1.7", "release_date": "2023-10-19T00:00:00Z"}, {"advisory": "RHSA-2023:5888", "cpe": "cpe:/a:redhat:rhmt:1.7::el8", "package": "rhmtc/openshift-migration-velero-rhel8:v1.7.13-4", "product_name": "Red Hat Migration Toolkit for Containers 1.7", "release_date": "2023-10-19T00:00:00Z"}, {"advisory": "RHSA-2023:5888", "cpe": "cpe:/a:redhat:rhmt:1.7::el8", "package": "rhmtc/openshift-velero-plugin-rhel8:v1.7.13-3", "product_name": "Red Hat Migration Toolkit for Containers 1.7", "release_date": "2023-10-19T00:00:00Z"}, {"advisory": "RHSA-2024:0485", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-machine-api-operator:v4.12.0-202401190520.p0.g04504fb.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-01-31T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.14.0-202310201027.p0.g2e2e277.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-azure-disk-csi-driver-rhel8:v4.14.0-202310201027.p0.gb19eec1.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-azure-file-csi-driver-rhel8:v4.14.0-202310201027.p0.gf401f53.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-baremetal-machine-controllers:v4.14.0-202310201027.p0.g412acb3.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-cluster-network-operator:v4.14.0-202310201027.p0.g5572bce.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-cluster-node-tuning-operator:v4.14.0-202310201027.p0.ga91f994.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-machine-api-provider-gcp-rhel8:v4.14.0-202310201027.p0.ga676e6b.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-powervs-block-csi-driver-rhel8:v4.14.0-202310201027.p0.ge9694ce.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.14.0-202310201027.p0.ga5ed57f.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-aws-efs-csi-driver-container-rhel8:v4.14.0-202310201027.p0.g66925fd.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-csi-external-provisioner:v4.14.0-202310201027.p0.g78a710f.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-csi-external-provisioner-rhel8:v4.14.0-202310201027.p0.g78a710f.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-local-storage-operator:v4.14.0-202310201027.p0.gc41b6ba.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5009", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift-clients-0:4.14.0-202310191146.p0.g0c63f9d.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:6837", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-azure-cluster-api-controllers-rhel8:v4.14.0-202311021650.p0.g7ad2773.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-11-15T00:00:00Z"}, {"advisory": "RHSA-2023:6837", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-machine-api-provider-aws-rhel8:v4.14.0-202311021650.p0.ge292817.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-11-15T00:00:00Z"}, {"advisory": "RHSA-2023:6837", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-machine-api-provider-azure-rhel8:v4.14.0-202311021650.p0.gb6ab233.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-11-15T00:00:00Z"}, {"advisory": "RHSA-2023:6837", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-vsphere-cluster-api-controllers-rhel8:v4.14.0-202311021650.p0.g72e998c.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-11-15T00:00:00Z"}, {"advisory": "RHSA-2023:7315", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-gcp-cluster-api-controllers-rhel8:v4.14.0-202311080350.p0.gd99fb31.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-11-21T00:00:00Z"}, {"advisory": "RHSA-2023:7315", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-machine-api-operator:v4.14.0-202311130809.p0.ge8e6a66.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-11-21T00:00:00Z"}, {"advisory": "RHSA-2024:0944", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "podman-3:4.4.1-11.2.rhaos4.14.el8", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-02-28T00:00:00Z"}, {"advisory": "RHSA-2024:1891", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-kubevirt-cloud-controller-manager-rhel8:v4.14.0-202404161544.p0.g7d96f56.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-04-26T00:00:00Z"}, {"advisory": "RHSA-2023:7197", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "openshift4/ose-sriov-network-webhook-rhel9:v4.15.0-202401261531.p0.g00e0317.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "openshift4/ose-alibaba-cloud-controller-manager-rhel9:v4.15.0-202401261531.p0.gabf4fa9.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "openshift4/ose-aws-cluster-api-controllers-rhel9:v4.15.0-202401261531.p0.g3e23a96.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "openshift4/ose-azure-cloud-node-manager-rhel9:v4.15.0-202401261531.p0.g5beac87.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "openshift4/ose-azure-cluster-api-controllers-rhel9:v4.15.0-202401261531.p0.g84ef752.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "openshift4/ose-cluster-api-rhel9:v4.15.0-202401261531.p0.gdb1841a.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "openshift4/ose-cluster-capi-rhel9-operator:v4.15.0-202402020339.p0.g6a24e09.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "openshift4/ose-cluster-control-plane-machine-set-rhel9-operator:v4.15.0-202401261531.p0.gd3e0fe7.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "openshift4/ose-cluster-kube-cluster-api-rhel9-operator:v4.15.0-202402141438.p0.g128d8e0.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "openshift4/ose-gcp-cluster-api-controllers-rhel9:v4.15.0-202401261531.p0.g8a32c37.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "openshift4/ose-ibmcloud-machine-controllers-rhel9:v4.15.0-202401261531.p0.g6b0b8ea.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "openshift4/ose-machine-api-provider-aws-rhel9:v4.15.0-202401261531.p0.g0129b1e.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "openshift4/ose-machine-api-provider-azure-rhel9:v4.15.0-202402070237.p0.g34e8ac0.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "openshift4/ose-machine-api-provider-gcp-rhel9:v4.15.0-202401261531.p0.gb15daaf.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "openshift4/ose-machine-api-rhel9-operator:v4.15.0-202402020339.p0.ge2b4537.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "openshift4/ose-vsphere-cluster-api-controllers-rhel9:v4.15.0-202401261531.p0.gb21c0ba.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7216", "cpe": "cpe:/a:redhat:service_mesh:2.4::el8", "package": "openshift-service-mesh/istio-cni-rhel8:2.4.5-2", "product_name": "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date": "2023-11-15T00:00:00Z"}, {"advisory": "RHSA-2023:6832", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.14::el9", "package": "odf4/ocs-rhel9-operator:v4.14.0-67", "product_name": "RHODF-4.14-RHEL-9", "release_date": "2023-11-08T00:00:00Z"}], "bugzilla": {"description": "golang.org/x/net/html: Cross site scripting", "id": "2228689", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228689"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-79", "details": ["Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.", "A flaw was found in the Golang HTML package where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's web browser within the security context of the hosting website once the URL is clicked. The flaw allows an attacker to steal the victim's cookie-based authentication credentials."], "name": "CVE-2023-3978", "package_state": [{"cpe": "cpe:/a:redhat:cert_manager:1", "fix_state": "Affected", "package_name": "cert-manager/jetstack-cert-manager-rhel9", "product_name": "cert-manager Operator for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/cluster-logging-rhel8-operator", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/elasticsearch-proxy-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/elasticsearch-rhel8-operator", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/lokistack-gateway-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:lvms:4", "fix_state": "Affected", "package_name": "lvms4/lvms-rhel9-operator", "product_name": "Logical Volume Manager Storage"}, {"cpe": "cpe:/a:redhat:openshift_api_data_protection:1", "fix_state": "Will not fix", "package_name": "oadp/oadp-rhel8-operator", "product_name": "OpenShift API for Data Protection"}, {"cpe": "cpe:/a:redhat:openshift_api_data_protection:1", "fix_state": "Will not fix", "package_name": "oadp/oadp-velero-rhel8", "product_name": "OpenShift API for Data Protection"}, {"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Affected", "package_name": "odo", "product_name": "OpenShift Developer Tools and Services"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Affected", "package_name": "openshift-pipelines-client", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "rhacm2/subctl-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-scanner-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Affected", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-scanner-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform", "fix_state": "Out of support scope", "package_name": "openshift-clients", "product_name": "Red Hat Ansible Automation Platform 1.2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "openshift-clients", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:certifications:1::el8", "fix_state": "Out of support scope", "package_name": "redhat-certification-cnf", "product_name": "Red Hat Certification for Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:certifications:1::el9", "fix_state": "Out of support scope", "package_name": "redhat-certification-cnf", "product_name": "Red Hat Certification for Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "podman", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "osbuild-composer", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "osbuild-composer", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Out of support scope", "package_name": "ansible-service-broker", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Out of support scope", "package_name": "atomic-enterprise-service-catalog", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Out of support scope", "package_name": "atomic-openshift", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Out of support scope", "package_name": "atomic-openshift-descheduler", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Out of support scope", "package_name": "atomic-openshift-service-idler", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Out of support scope", "package_name": "atomic-openshift-web-console", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Out of support scope", "package_name": "golang-github-openshift-oauth-proxy", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Out of support scope", "package_name": "openshift-enterprise-cluster-capacity", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "atomic-openshift-service-idler", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "cri-o", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "cri-tools", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "microshift", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/cloud-event-proxy-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/cnf-tests-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ingress-node-firewall", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/kubernetes-nmstate-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/metallb-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/metallb-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-agent-installer-api-server-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-agent-installer-csr-approver-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-agent-installer-node-agent-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-alibaba-machine-controllers-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cloud-event-proxy", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cloud-event-proxy-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-csi-driver-manila-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-csi-driver-nfs-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-hypershift-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-ibmcloud-cluster-api-controllers-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-installer", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-libvirt-machine-controllers", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-machine-api-provider-openstack-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-multus-cni", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-network-metrics-daemon-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-node-feature-discovery", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-nutanix-cloud-controller-manager-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-nutanix-machine-controllers-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-oauth-proxy", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-openshift-apiserver-rhel7", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-openstack-machine-controllers", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-operator-sdk-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-ovirt-machine-controllers-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-powervs-machine-controllers-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-ptp-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-tests", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ztp-site-generate-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift-compliance-openscap-container", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift-selinuxd-container", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift-tech-preview/metallb-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:assisted_installer:", "fix_state": "Will not fix", "package_name": "rhai-tech-preview/assisted-installer-agent-rhel8", "product_name": "Red Hat OpenShift Container Platform Assisted Installer"}, {"cpe": "cpe:/a:redhat:assisted_installer:", "fix_state": "Will not fix", "package_name": "rhai-tech-preview/assisted-installer-rhel8", "product_name": "Red Hat OpenShift Container Platform Assisted Installer"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Out of support scope", "package_name": "ocs4/ocs-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/cephcsi-rhel8", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/odf-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Will not fix", "package_name": "rhods/odh-data-science-pipelines-operator-controller-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Will not fix", "package_name": "rhods/odh-modelmesh-serving-controller-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3::el8", "fix_state": "Affected", "package_name": "devspaces/devspaces-rhel8-operator", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3::el8", "fix_state": "Affected", "package_name": "devspaces/udi-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_service_on_aws:1", "fix_state": "Affected", "package_name": "rosa", "product_name": "Red Hat OpenShift on AWS"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Affected", "package_name": "kubevirt", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Affected", "package_name": "openshift-golang-builder-container", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:openstack:18.0", "fix_state": "Not affected", "package_name": "rabbitmq-cluster-operator-container", "product_name": "Red Hat OpenStack Platform 18.0"}, {"cpe": "cpe:/a:redhat:workload_availability_self_node_remediation", "fix_state": "Affected", "package_name": "workload-availability/self-node-remediation-rhel8-operator", "product_name": "Self Node Remediation Operator"}], "public_date": "2023-08-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-3978\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3978\nhttps://go.dev/cl/514896\nhttps://go.dev/issue/61615\nhttps://pkg.go.dev/vuln/GO-2023-1988"], "threat_severity": "Moderate", "upstream_fix": "golang.org/x/net/html 0.13.0"}