| Severity |
|
| Remote |
|
| Type |
| - |
Unknown |
| + |
Denial of service |
|
| Description |
| + |
Version v0.0.0-20210520170846-37e1c6afe023 of golang.org/x/net fixes a vulnerability in the golang.org/x/net/html package which could cause a denial of service. An attacker can craft an input to ParseFragment that would cause it to enter an infinite loop and never return. |
|
| References |
| + |
https://groups.google.com/g/golang-announce/c/wPunbCPkWUg/m/ifcDT_DbCwAJ |
| + |
https://github.com/golang/go/issues/46288 |
| + |
https://github.com/golang/net/commit/37e1c6afe02340126705deced573a85ab75209d7 |
|
| Notes |
|