[security] Vulnerability in golang.org/x/net/html
1,628 views
Skip to first unread message
Filippo Valsorda
May 20, 2021, 1:24:58 PM5/20/21
to golang-nuts, golang-...@googlegroups.com, golang-dev
Hello gophers,
Version v0.0.0-20210520170846-37e1c6afe023 of golang.org/x/net fixes a vulnerability in the golang.org/x/net/html package which could cause a denial of service.
An attacker can craft an input to ParseFragment that would cause it to enter an infinite loop and never return.
This issue was discovered by OSS-Fuzz and reported to us by Andrew Thornton <ar...@cantab.net>, and is tracked as CVE-2021-33194.
Cheers,
Filippo on behalf of the Go team
Version v0.0.0-20210520170846-37e1c6afe023 of golang.org/x/net fixes a vulnerability in the golang.org/x/net/html package which could cause a denial of service.
An attacker can craft an input to ParseFragment that would cause it to enter an infinite loop and never return.
This issue was discovered by OSS-Fuzz and reported to us by Andrew Thornton <ar...@cantab.net>, and is tracked as CVE-2021-33194.
Cheers,
Filippo on behalf of the Go team
Reply all
Reply to author
Forward
0 new messages