| packages: |
| - module: golang.org/x/net |
| package: golang.org/x/net/html |
| symbols: |
| - inSelectIM |
| - inSelectInTableIM |
| versions: |
| - fixed: 0.0.0-20190125091013-d26f9f9a57f3 |
| description: | |
| html.Parse does not properly handle "select" tags, which can lead |
| to an infinite loop. If parsing user supplied input, this may be used |
| as a denial of service vector. |
| published: 2021-04-14T20:04:52Z |
| cves: |
| - CVE-2018-17846 |
| credit: '@tr3ee' |
| links: |
| pr: https://go-review.googlesource.com/c/137275 |
| commit: https://go.googlesource.com/net/+/d26f9f9a57f3fab6a695bec0d84433c2c50f8bbf |
| context: |
| - https://go.dev/issue/27842 |
