reports/GO-2020-0014.yaml - vulndb - Git at Google

 module: golang.org/x/net
 package: golang.org/x/net/html
 versions:
   - fixed: v0.0.0-20190125091013-d26f9f9a57f3
 description: |
   [`html.Parse`] does not properly handle "select" tags, which can lead
   to an infinite loop. If parsing user supplied input, this may be used
   as a denial of service vector.
 published: 2021-04-14T12:00:00Z
 cve: CVE-2018-17846
 credit: "@tr3ee"
 symbols:
   - inSelectIM
   - inSelectInTableIM
 links:
   pr: https://go-review.googlesource.com/c/137275
   commit: https://github.com/golang/net/commit/d26f9f9a57f3fab6a695bec0d84433c2c50f8bbf
   context:
     - https://github.com/golang/go/issues/27842
	module: golang.org/x/net
	package: golang.org/x/net/html
	versions:
	- fixed: v0.0.0-20190125091013-d26f9f9a57f3
	description: \|
	[`html.Parse`] does not properly handle "select" tags, which can lead
	to an infinite loop. If parsing user supplied input, this may be used
	as a denial of service vector.
	published: 2021-04-14T12:00:00Z
	cve: CVE-2018-17846
	credit: "@tr3ee"
	symbols:
	- inSelectIM
	- inSelectInTableIM
	links:
	pr: https://go-review.googlesource.com/c/137275
	commit: https://github.com/golang/net/commit/d26f9f9a57f3fab6a695bec0d84433c2c50f8bbf
	context:
	- https://github.com/golang/go/issues/27842