Version v0.0.0-20210520170846-37e1c6afe023 of golang.org/x/net
fixes a vulnerability in the golang.org/x/net/html
package which could cause a denial of service.
An attacker can craft an input to ParseFragment that would cause it to enter an infinite loop and never return.
This issue was discovered by OSS-Fuzz and reported to us by Andrew Thornton <ar...@cantab.net
>, and is tracked as CVE-2021-33194.
Filippo on behalf of the Go team