golang.org/x/net/html NULL Pointer Dereference vulnerability
High severity
GitHub Reviewed
Published
May 13, 2022
to the GitHub Advisory Database
•
Updated May 20, 2024
Package
Affected versions
< 0.0.0-20180925071336-cf3bd585ca2a
Patched versions
0.0.0-20180925071336-cf3bd585ca2a
Description
Published by the National Vulnerability Database
Sep 17, 2018
Published to the GitHub Advisory Database
May 13, 2022
Reviewed
Feb 8, 2023
Last updated
May 20, 2024
The html package (aka x/net/html) through 2018-09-17 in Go mishandles , leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call
References