Skip to main content
Version: latest

CVE-2023-29400

CVE Details

Visit the official vulnerability details page for CVE-2023-29400 to learn more.

Initial Publication

10/25/2024

Last Update

12/16/2024

Third Party Dependency

go

NIST CVE Summary

Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.

CVE Severity

7.3

Our Official Summary

This vulnerability is a false positive. Although this is reported by the scanning tools on some of the components, further checks indicate the symbol/function with the vulnerability while present is not being used.

Status

Ongoing

Affected Products & Versions

This CVE is non-impacting as the impacting symbol and/or function is not used in the product

Revision History

DateRevision
12/16/2024Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11, 4.5.15
11/29/2024Official summary revised: This vulnerability is a false positive. Although this is reported by the scanning tools on some of the components, further checks indicate the symbol/function with the vulnerability while present is not being used.
11/27/2024Advisory is no longer impacting.
11/27/2024Official summary revised: This CVE is non impacting as the impacting symbol and/or function is not used in the product.
11/26/2024Advisory is now impacting.
11/26/2024Advisory is no longer impacting.
11/26/2024Official summary revised: This CVE is non impacting as the impacting symbol and/or function is not used in the product.
11/25/2024Advisory is now impacting.
11/24/2024Advisory is no longer impacting.
11/24/2024Official summary revised: This CVE is non impacting as the impacting symbol and/or function is not used in the product.
11/23/2024Advisory is now impacting.
11/23/2024Advisory is no longer impacting.
11/23/2024Official summary revised: This CVE is non impacting as the impacting symbol and/or function is not used in the product.
11/22/2024Advisory is now impacting.
11/22/2024Advisory is no longer impacting.
11/22/2024Official summary revised: This CVE is non impacting as the impacting symbol and/or function is not used in the product.
11/21/2024Advisory is now impacting.
11/20/2024Advisory is no longer impacting.
11/20/2024Official summary revised: This CVE is non impacting as the impacting symbol and/or function is not used in the product.
11/20/2024Advisory is now impacting.
11/20/2024Advisory is no longer impacting.
11/20/2024Official summary revised: This CVE is non impacting as the impacting symbol and/or function is not used in the product.
11/19/2024Advisory is now impacting.
11/19/2024Advisory is no longer impacting.
11/19/2024Official summary revised: This CVE is non impacting as the impacting symbol and/or function is not used in the product.
11/18/2024Advisory is now impacting.
11/18/2024Advisory is no longer impacting.
11/18/2024Official summary revised: This CVE is non impacting as the impacting symbol and/or function is not used in the product.
11/17/2024Advisory is now impacting.
11/15/2024Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11
11/15/2024Advisory is no longer impacting.
11/15/2024Official summary revised: This CVE is non impacting as the impacting symbol and/or function is not used in the product.
11/15/2024Advisory is now impacting.
11/15/2024Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10
11/13/2024Advisory is no longer impacting.
11/13/2024Official summary revised: This CVE is non impacting as the impacting symbol and/or function is not used in the product.
11/13/2024Impacted versions changed from 4.5.4, 4.5.5, 4.5.8 to 4.5.4, 4.5.5, 4.5.8, 4.4.20
11/13/2024Advisory is now impacting.
11/10/2024Impacted versions changed from 4.5.4, 4.5.5 to 4.5.4, 4.5.5, 4.5.8
10/27/2024Impacted versions changed from 4.5.4 to 4.5.4, 4.5.5