Google Git
Sign in
go / vulndb / bcb698b62a8f42f209bd8a61c42a7817c346f720 / . / data / reports / GO-2022-0192.yaml
blob: 4e21da32217d246027116646a4e3dd490851d3f0 [file] [log] [blame]
Tatiana Bradleyf1409b02023-05-24 14:02:12 -0400[diff] [blame]1id: GO-2022-0192
Damien Neilb5cb7652022-08-18 15:09:12 -0700[diff] [blame]2modules:
Tatiana Bradley82175fd2023-05-31 17:04:08 -0400[diff] [blame]3 - module: golang.org/x/net
4 versions:
5 - fixed: 0.0.0-20180925071336-cf3bd585ca2a
6 vulnerable_at: 0.0.0-20180921000356-2f5d2388922f
7 packages:
8 - package: golang.org/x/net/html
9 symbols:
10 - parser.resetInsertionMode
11 derived_symbols:
12 - Parse
13 - ParseFragment
Tatiana Bradley00566bd2023-05-09 12:26:34 -0400[diff] [blame]14summary: Improper input validation in golang.org/x/net/html
Tatiana Bradleyccdac2d2023-06-22 13:27:05 -0400[diff] [blame]15description: |-
Damien Neilb91c2062022-06-29 12:06:31 -0700[diff] [blame]16 The Parse function can panic on some invalid inputs.
17
18 For example, the Parse function panics on the input
19 "<math><template><mo><template>".
Damien Neil95a417d2022-08-17 15:39:45 -0700[diff] [blame]20published: 2022-07-01T20:11:34Z
Damien Neilb91c2062022-06-29 12:06:31 -0700[diff] [blame]21cves:
Tatiana Bradley82175fd2023-05-31 17:04:08 -0400[diff] [blame]22 - CVE-2018-17142
Tatiana Bradley2fcfeff2023-02-08 13:03:32 -0500[diff] [blame]23ghsas:
Tatiana Bradley82175fd2023-05-31 17:04:08 -0400[diff] [blame]24 - GHSA-2wp2-chmh-r934
Tatiana Bradley09108142023-05-18 16:23:32 -0400[diff] [blame]25credits:
Tatiana Bradley82175fd2023-05-31 17:04:08 -0400[diff] [blame]26 - '@tr3ee'
Damien Neil00e94d72022-08-26 14:59:35 -0700[diff] [blame]27references:
Tatiana Bradley82175fd2023-05-31 17:04:08 -0400[diff] [blame]28 - fix: https://go.dev/cl/136875
29 - fix: https://go.googlesource.com/net/+/cf3bd585ca2a5a21b057abd8be7eea2204af89d0
30 - report: https://go.dev/issue/27702