Vulnerability Report: GO-2020-0014
- CVE-2018-17846, GHSA-vfw5-hrgq-h5wf
- Affects: golang.org/x/net
- Published: Apr 14, 2021
- Modified: Oct 12, 2023
html.Parse does not properly handle "select" tags, which can lead to an infinite loop. If parsing user supplied input, this may be used as a denial of service vector.
Affected Packages
-
PathVersionsSymbols
-
before v0.0.0-20190125091013-d26f9f9a57f3
Aliases
References
- https://go-review.googlesource.com/c/137275
- https://go.googlesource.com/net/+/d26f9f9a57f3fab6a695bec0d84433c2c50f8bbf
- https://go.dev/issue/27842
- https://vuln.go.dev/ID/GO-2020-0014.json
Credits
- @tr3ee
Feedback
See anything missing or incorrect?
Suggest an edit to this report.