Описание
The html package (aka x/net/html) through 2018-09-25 in Go mishandles <template></template>, leading to a "panic: runtime error" (index out of range) in (*nodeStack).pop in node.go, called from (*parser).clearActiveFormattingElements, during an html.Parse call.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ceph Storage 2 | grafana | Not affected | ||
| Red Hat Ceph Storage 3 | grafana | Not affected | ||
| Red Hat Developer Tools | kompose | Out of support scope | ||
| Red Hat Enterprise Linux 7 | golang-googlecode-net | Not affected | ||
| Red Hat OpenShift Container Platform 3.10 | atomic-openshift | Not affected | ||
| Red Hat OpenShift Container Platform 3.11 | atomic-openshift | Not affected | ||
| Red Hat OpenShift Container Platform 3.2 | atomic-openshift | Not affected | ||
| Red Hat OpenShift Container Platform 3.3 | atomic-openshift | Not affected | ||
| Red Hat OpenShift Container Platform 3.4 | atomic-openshift | Not affected | ||
| Red Hat OpenShift Container Platform 3.5 | atomic-openshift | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
The html package (aka x/net/html) through 2018-09-25 in Go mishandles <svg><template><desc><t><svg></template>, leading to a "panic: runtime error" (index out of range) in (*nodeStack).pop in node.go, called from (*parser).clearActiveFormattingElements, during an html.Parse call.
The html package (aka x/net/html) through 2018-09-25 in Go mishandles <svg><template><desc><t><svg></template>, leading to a "panic: runtime error" (index out of range) in (*nodeStack).pop in node.go, called from (*parser).clearActiveFormattingElements, during an html.Parse call.
The html package (aka x/net/html) through 2018-09-25 in Go mishandles ...
golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer
EPSS
5.3 Medium
CVSS3