blob: 620524c54a54a2f9041c4c342290ed59736135cd [file] [log] [blame]
module: github.com/antchfx/xmlquery
versions:
- fixed: v1.3.1
description: |
[`LoadURL`] does not check the Content-Type of loaded resources,
which can cause a panic due to nil pointer deference if the loaded
resource is not XML. If user supplied URLs are loaded, this may be
used as a denial of service vector.
published: 2021-04-14T12:00:00Z
cve: CVE-2020-25614
credit: "@dwisiswant0"
symbols:
- LoadURL
links:
commit: https://github.com/antchfx/xmlquery/commit/5648b2f39e8d5d3fc903c45a4f1274829df71821
context:
- https://github.com/antchfx/xmlquery/issues/39