Improper rendering of text nodes in golang.org/x/net/html

GHSA-2wrh-6pvc-2jm9 · CVE-2023-3978 · GO-2023-1988

Published Aug 2, 2023 · Modified Feb 4, 2026

Description

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-3978
WEB https://go.dev/cl/514896
WEB https://go.dev/issue/61615
WEB https://pkg.go.dev/vuln/GO-2023-1988

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes