golang.org/x/net/html NULL Pointer Dereference vulnerability
High severity
GitHub Reviewed
Published
May 13, 2022
to the GitHub Advisory Database
•
Updated May 20, 2024
Package
Affected versions
< 0.0.0-20180816102801-aaf60122140d
Patched versions
0.0.0-20180816102801-aaf60122140d
Description
Published by the National Vulnerability Database
Sep 16, 2018
Published to the GitHub Advisory Database
May 13, 2022
Reviewed
Feb 8, 2023
Last updated
May 20, 2024
The html package (aka x/net/html) before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of , , or . This is related to HTMLTreeBuilder.cpp in WebKit.
References