CVSS2: 5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.003 Low
Percentile: 71.6%

The html package (aka x/net/html) through 2018-09-25 in Go mishandles `<table><math><select><mi><select></table>`, leading to an infinite loop during an `html.Parse` call because `inSelectIM` and `inSelectInTableIM` do not comply with a specification.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | golang.org/x/net | lt | 0.0.0-20190125091013-d26f9f9a57f3 |

github.com/golang/go/issues/27842
go-review.googlesource.com/c/137275
go.dev/issue/27842
go.googlesource.com/net/+/d26f9f9a57f3fab6a695bec0d84433c2c50f8bbf
lists.fedoraproject.org/archives/list/[email protected]/message/LREEWY6KNLHRWFZ7OT4HVLMVVCGGUHON
lists.fedoraproject.org/archives/list/[email protected]/message/UKRCI7WIOCOCD3H7NXWRGIRABTQOZOBK
nvd.nist.gov/vuln/detail/CVE-2018-17846
pkg.go.dev/vuln/GO-2020-0014