CVE-2023-3978

About this tag
CVE-2023-3978 is a cross-site scripting (XSS) vulnerability in the golang.org/x/net/html component, which Microsoft has publicly attested as included in Azure Linux. The advisory from Microsoft's Security Response Center should be read carefully: the attestation is a scoped inventory statement, not a guarantee that no other Microsoft product contains the same vulnerable code. This tag covers discussion of the vulnerability, its impact on Azure Linux, and guidance for applying patches. Topics include understanding the scope of Microsoft's advisory, SBOM (software bill of materials) considerations, and practical steps to remediate the issue in Linux environments.
  1. CVE-2023-3978: Azure Linux Attestation and Go x net html Patch Guide

    Microsoft’s brief advisory language should be read carefully: Azure Linux is the product Microsoft has publicly attested as including the vulnerable golang.org/x/net/html component for CVE‑2023‑3978, but that attestation is a scoped inventory statement — not a mathematical proof that no other...