reports/GO-2020-0014.yaml - vulndb - Git at Google

 module: golang.org/x/net
 package: golang.org/x/net/html
 versions:
   - fixed: v0.0.0-20190125091013-d26f9f9a57f3
 description: |
   html.Parse does not properly handle "select" tags, which can lead
   to an infinite loop. If parsing user supplied input, this may be used
   as a denial of service vector.
 cves:
   - CVE-2018-17846
 credit: '@tr3ee'
 symbols:
   - inSelectIM
   - inSelectInTableIM
 links:
   pr: https://go-review.googlesource.com/c/137275
   commit: https://go.googlesource.com/net/+/d26f9f9a57f3fab6a695bec0d84433c2c50f8bbf
   context:
     - https://go.dev/issue/27842
	module: golang.org/x/net
	package: golang.org/x/net/html
	versions:
	- fixed: v0.0.0-20190125091013-d26f9f9a57f3
	description: \|
	html.Parse does not properly handle "select" tags, which can lead
	to an infinite loop. If parsing user supplied input, this may be used
	as a denial of service vector.
	cves:
	- CVE-2018-17846
	credit: '@tr3ee'
	symbols:
	- inSelectIM
	- inSelectInTableIM
	links:
	pr: https://go-review.googlesource.com/c/137275
	commit: https://go.googlesource.com/net/+/d26f9f9a57f3fab6a695bec0d84433c2c50f8bbf
	context:
	- https://go.dev/issue/27842