CVE-2018-17142

Published September 17th, 2018

View on NVD ↗

CVSS v3

7.5

HIGH

CVSS v2

MEDIUM

Affected

PROJECT

Description

The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call.

golang/go

The Go programming language

GitHub

135K