CVE-2018-17075

Published September 16th, 2018

View on NVD ↗

CVSS v3

7.5

HIGH

CVSS v2

MEDIUM

Affected

PROJECTS

Description

The html package (aka x/net/html) before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of <template><object>, <template><applet>, or <template><marquee>. This is related to HTMLTreeBuilder.cpp in WebKit.

golang/go

The Go programming language

GitHub

135K

golang/net

[mirror] Go supplementary network libraries

GitHub

3.01K