reports/GO-2021-0078.toml - vulndb - Git at Google

 module = "golang.org/x/net"
 package = "golang.org/x/net/html"

 description = """
 The HTML parser does not properly handle "in frameset" insertion mode, and can be made
 to panic when operating on malformed HTML that contains <template> tags. If operating
 on user input, this may be a vector for a denial of service attack.
 """

 cve = "CVE-2018-17075"

 credit = "Kunpei Sakai"

 symbols = ["inBodyIM", "inFramesetIM"]

 published = "2021-04-14T12:00:00Z"

 [[versions]]
 fixed = "v0.0.0-20180816102801-aaf60122140d"

 [links]
 commit = "https://github.com/golang/net/commit/aaf60122140d3fcf75376d319f0554393160eb50"
 pr = "https://go-review.googlesource.com/123776"
 context = [
     "https://github.com/golang/go/issues/27016",
     "https://bugs.chromium.org/p/chromium/issues/detail?id=829668",
     "https://go-review.googlesource.com/c/net/+/94838/9/html/parse.go#1906"
 ]
	module = "golang.org/x/net"
	package = "golang.org/x/net/html"

	description = """
	The HTML parser does not properly handle "in frameset" insertion mode, and can be made
	to panic when operating on malformed HTML that contains <template> tags. If operating
	on user input, this may be a vector for a denial of service attack.
	"""

	cve = "CVE-2018-17075"

	credit = "Kunpei Sakai"

	symbols = ["inBodyIM", "inFramesetIM"]

	published = "2021-04-14T12:00:00Z"

	[[versions]]
	fixed = "v0.0.0-20180816102801-aaf60122140d"

	[links]
	commit = "https://github.com/golang/net/commit/aaf60122140d3fcf75376d319f0554393160eb50"
	pr = "https://go-review.googlesource.com/123776"
	context = [
	"https://github.com/golang/go/issues/27016",
	"https://bugs.chromium.org/p/chromium/issues/detail?id=829668",
	"https://go-review.googlesource.com/c/net/+/94838/9/html/parse.go#1906"
	]