There are 2 CVEs related to go, shown by a scanner for my app:
https://nvd.nist.gov/vuln/detail/CVE-2023-24540
https://nvd.nist.gov/vuln/detail/CVE-2023-24538
Details don't mention any specific Go package, but rather mention JavaScript.
What exactly do these issues mean in the context of Go?
Both issues affect html/template:
“Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.”
“Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected.”
If you directly or indirectly use html/template, upgrade your Go version.