Описание
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
Ссылки
- ExploitIssue Tracking
- Patch
- Mailing ListThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.45.0 (исключая)
cpe:2.3:a:go:html:*:*:*:*:*:go:*:*
EPSS
Процентиль: 1%
0.00011
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-835
Связанные уязвимости
CVSS3: 5.3
ubuntu
2 месяца назад
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
CVSS3: 4.3
redhat
2 месяца назад
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
CVSS3: 5.3
debian
2 месяца назад
The html.Parse function in golang.org/x/net/html has an infinite parsi ...
EPSS
Процентиль: 1%
0.00011
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-835