CVE-2024-24785 Affecting go1.21-openssl-doc package, versions <1.21.13.1-150000.1.11.1


Severity

Recommended
0.0
high
0
10

Based on SUSE Linux Enterprise Server security rating.

Threat Intelligence

EPSS
0.04% (12th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-SLES155-GO121OPENSSLDOC-7887840
  • published4 Sept 2024
  • disclosed3 Sept 2024

Introduced: 3 Sep 2024

CVE-2024-24785  (opens in a new tab)

How to fix?

Upgrade SLES:15.5 go1.21-openssl-doc to version 1.21.13.1-150000.1.11.1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream go1.21-openssl-doc package and not the go1.21-openssl-doc package as distributed by SLES. See How to fix? for SLES:15.5 relevant fixed versions and status.

If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.

CVSS Scores

version 3.1