blob: 677c4d00411dfc4cd312b1951d145e07c1ad4496 [file] [log] [blame]
id: GO-2022-0193
modules:
- module: golang.org/x/net
versions:
- fixed: 0.0.0-20180921000356-2f5d2388922f
vulnerable_at: 0.0.0-20180911220305-26e67e76b6c3
packages:
- package: golang.org/x/net/html
symbols:
- inBodyIM
derived_symbols:
- Parse
- ParseFragment
summary: Panic on unconsidered isindex and template combination in golang.org/x/net/html
description: |-
The Parse function can panic on some invalid inputs.
For example, the Parse function panics on the input
"<template><tBody><isindex/action=0>".
published: 2022-07-06T18:14:54Z
cves:
- CVE-2018-17143
ghsas:
- GHSA-fcf9-6fv2-fc5v
credits:
- '@tr3ee'
references:
- fix: https://go-review.googlesource.com/c/net/+/136575
- fix: https://go.googlesource.com/net/+/2f5d2388922f370f4355f327fcf4cfe9f5583908
- report: https://go.dev/issue/27704
review_status: REVIEWED