GHSA-3p2w-3263-9gr3

Опубликовано: 11 авг. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 7.5

Описание

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.

Ссылки

EPSS

Процентиль: 1%

0.00012

Низкий

7.5 High

CVSS3

CVE ID

CVE-2022-28131

Дефекты

CWE-674

Связанные уязвимости

CVE-2022-28131

CVSS3: 7.5

ubuntu

почти 3 года назад

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.

CVE-2022-28131

CVSS3: 7.3

redhat

почти 3 года назад

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.

CVE-2022-28131

CVSS3: 7.5

nvd

почти 3 года назад

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.

CVE-2022-28131

CVSS3: 7.5

msrc

почти 3 года назад

Описание отсутствует

CVE-2022-28131

CVSS3: 7.5

debian

почти 3 года назад

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17. ...

EPSS

Процентиль: 1%

0.00012

Низкий

7.5 High

CVSS3

CVE ID

CVE-2022-28131

Дефекты

CWE-674