зеркало из https://github.com/golang/vulndb.git
22 строки
819 B
YAML
22 строки
819 B
YAML
|
module: golang.org/x/net
|
||
|
package: golang.org/x/net/html
|
||
|
versions:
|
||
|
- fixed: v0.0.0-20180816102801-aaf60122140d
|
||
|
description: |
|
||
|
The HTML parser does not properly handle "in frameset" insertion mode, and can be made
|
||
|
to panic when operating on malformed HTML that contains <template> tags. If operating
|
||
|
on user input, this may be a vector for a denial of service attack.
|
||
|
published: 2021-04-14T12:00:00Z
|
||
|
cve: CVE-2018-17075
|
||
|
credit: Kunpei Sakai
|
||
|
symbols:
|
||
|
- inBodyIM
|
||
|
- inFramesetIM
|
||
|
links:
|
||
|
pr: https://go-review.googlesource.com/123776
|
||
|
commit: https://github.com/golang/net/commit/aaf60122140d3fcf75376d319f0554393160eb50
|
||
|
context:
|
||
|
- https://github.com/golang/go/issues/27016
|
||
|
- https://bugs.chromium.org/p/chromium/issues/detail?id=829668
|
||
|
- https://go-review.googlesource.com/c/net/+/94838/9/html/parse.go#1906
|