CVE-2023-24539

ADVISORY - nist

Summary

Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input.

EPSS Score⁠: 0.00902 (0.737)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-74⁠

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-94⁠

Improper Control of Generation of Code ('Code Injection')

ADVISORY - redhat

CWE-176⁠

Improper Handling of Unicode Encoding

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.