Vulnerability Report: GO-2022-0197
- CVE-2018-17847, CVE-2018-17848, and 2 more
- Affects: golang.org/x/net
- Published: Jul 01, 2022
- Modified: May 20, 2024
The Parse function can panic on some invalid inputs. For example, the Parse function panics on the input "<svg><template><desc><t><svg></template>".
Affected Packages
-
PathGo VersionsSymbols
-
before v0.0.0-20190125002852-4b62a64f59f7
Aliases
References
- https://go.dev/cl/159397
- https://go.googlesource.com/net/+/4b62a64f59f73840b9ab79204c94fee61cd1ba2c
- https://go.dev/issue/27846
- https://vuln.go.dev/ID/GO-2022-0197.json
Credits
- @tr3ee
Feedback
See anything missing or incorrect?
Suggest an edit to this report.