Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Improper Handling of Unicode Encoding
See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.
Sign in