Vulnerability Report: GO-2023-1597

CVE-2023-26046, GHSA-9f95-hhg4-pg4f
Affects: github.com/kitabisa/teler-waf
Published: Mar 02, 2023
Modified: May 20, 2024

Improper sanitization and filtering of HTML entities in user input can lead to cross-site scripting (XSS) attacks where arbitrary JavaScript code is executed in the browser.

For detailed information about this vulnerability, visit https://github.com/advisories/GHSA-9f95-hhg4-pg4f.

Affected Packages

Path

Go Versions

Symbols
github.com/kitabisa/teler-waf

before v0.1.1
- Teler.Analyze
- Teler.HandlerFuncWithNext

Aliases

CVE-2023-26046
GHSA-9f95-hhg4-pg4f

References

https://github.com/kitabisa/teler-waf/commit/d1d49cfddfa3ec2adad962870f14b85cd1aaf739
https://github.com/kitabisa/teler-waf/releases/tag/v0.1.1
https://github.com/advisories/GHSA-9f95-hhg4-pg4f
https://vuln.go.dev/ID/GO-2023-1597.json

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL