CVE-2023-29400

ADVISORY - nist

Summary

Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.

EPSS Score: 0.00148 (0.520)

Common Weakness Enumeration (CWE)

ADVISORY - nist

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

ADVISORY - redhat

Improper Handling of Unicode Encoding


Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in