blob: eda959e6752f4303a69621e0910d52f1af906077 [file] [log] [blame]
packages:
- module: github.com/antchfx/xmlquery
symbols:
- LoadURL
versions:
- fixed: 1.3.1
description: |
LoadURL does not check the Content-Type of loaded resources,
which can cause a panic due to nil pointer deference if the loaded
resource is not XML. If user supplied URLs are loaded, this may be
used as a denial of service vector.
published: 2021-04-14T20:04:52Z
cves:
- CVE-2020-25614
credit: '@dwisiswant0'
links:
commit: https://github.com/antchfx/xmlquery/commit/5648b2f39e8d5d3fc903c45a4f1274829df71821
context:
- https://github.com/antchfx/xmlquery/issues/39