blob: 95c3b6d154c368ae1255447f9a818be92432c90d [file] [log] [blame]
packages:
- module: std
package: encoding/xml
symbols:
- Decoder.Token
versions:
- fixed: 1.15.9
- introduced: 1.16.0
fixed: 1.16.1
description: |
The Decode, DecodeElement, and Skip methods of an xml.Decoder
provided by xml.NewTokenDecoder may enter an infinite loop when
operating on a custom xml.TokenReader which returns an EOF in the
middle of an open XML element.
published: 2022-02-17T17:34:24Z
cves:
- CVE-2021-27918
credit: Sam Whited
links:
pr: https://go.dev/cl/300391
commit: https://go.googlesource.com/go/+/d0b79e3513a29628f3599dc8860666b6eed75372
context:
- https://go.dev/issue/44913
- https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw