CVE-2023-29400 - Unquoted HTML Attribute Injection in Templates – How a Design Flaw Turns Empty Input into a Security Nightmare
CVE-2023-29400 is a security issue involving web application templates, especially those that use Go's html/template or similar logic in other development frameworks.
CVE-2023-24540 - The Unicode Whitespace Escape in JavaScript & How Templating Goes Wrong
In early 2023, CVE-2023-24540 was quietly added to major vulnerability databases. At first glance, it looks like “just another JavaScript template bug.” However, its subtlety
CVE-2023-24538 - How Improper Backtick Escaping in Go Templates Enables JavaScript Injection
CVE-2023-24538 is a security vulnerability that affects Go’s html/template and text/template packages. This issue arises because these templates did not properly handle
CVE-2023-24536 - Cracking Down on DoS via Multipart Form Parsing in Go
Multipart file uploads are common in web development. They allow users to attach files or submit large volumes of data to web servers. But a
CVE-2023-24537 - Exploiting Go’s Parse Functions Infinite Loop Vulnerability
CVE-2023-24537 is a security vulnerability found in Go’s standard library. If you parse Go source code with specially crafted //line directives containing extremely large