EPSS
Percentile
72.6%
The html package (aka x/net/html) before 2018-07-13 in Go mishandles “in frameset” insertion mode, leading to a “panic: runtime error” for html.Parse of , , or . This is related to HTMLTreeBuilder.cpp in WebKit.
bugzilla.redhat.com/show_bug.cgi?id=1633041
www.cve.org/CVERecord?id=CVE-2018-17075 https://nvd.nist.gov/vuln/detail/CVE-2018-17075