Описание
The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| golang-golang-x-net-dev | not-affected | package | ||
| golang-go.net-dev | not-affected | package |
Примечания
https://github.com/golang/go/issues/27704
Fixed by: https://github.com/golang/net/commit/2f5d2388922f370f4355f327fcf4cfe9f5583908
Introduced by: https://github.com/golang/net/commit/500e7a4f953ddaf55d316b4d3adc516aa0379622
Связанные уязвимости
The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call.
The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call.
The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call.
golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer