Golang

Net

13 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.18%
  • Veröffentlicht 22.05.2026 15:01:22
  • Zuletzt bearbeitet 29.05.2026 15:27:46

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.

  • EPSS 0.25%
  • Veröffentlicht 22.05.2026 15:01:21
  • Zuletzt bearbeitet 29.05.2026 15:47:57

Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service.

  • EPSS 0.18%
  • Veröffentlicht 22.05.2026 15:01:21
  • Zuletzt bearbeitet 29.05.2026 15:30:15

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.

  • EPSS 0.48%
  • Veröffentlicht 22.05.2026 15:01:21
  • Zuletzt bearbeitet 09.07.2026 13:17:02

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com" rather than an error. This behavior can lead to p...

  • EPSS 0.18%
  • Veröffentlicht 22.05.2026 15:01:21
  • Zuletzt bearbeitet 29.05.2026 19:09:48

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.

  • EPSS 0.19%
  • Veröffentlicht 22.05.2026 15:01:21
  • Zuletzt bearbeitet 29.05.2026 19:06:20

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.

  • EPSS 1%
  • Veröffentlicht 08.05.2024 16:15:08
  • Zuletzt bearbeitet 15.04.2026 00:35:42

A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.

  • EPSS 2.62%
  • Veröffentlicht 01.10.2018 08:29:02
  • Zuletzt bearbeitet 21.11.2024 03:55:02

The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification.

Exploit
  • EPSS 2.83%
  • Veröffentlicht 01.10.2018 08:29:02
  • Zuletzt bearbeitet 21.11.2024 03:55:02

The html package (aka x/net/html) through 2018-09-25 in Go mishandles <svg><template><desc><t><svg></template>, leading to a "panic: runtime error" (index out of range) in (*nodeStack).pop in node.go, called from (*parser).clearActiveFormattingElemen...

Exploit
  • EPSS 2.68%
  • Veröffentlicht 01.10.2018 08:29:02
  • Zuletzt bearbeitet 21.11.2024 03:55:03

The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b></template>, leading to a "panic: runtime error" (index out of range) in (*insertionModeStack).pop in node.go, called from inHeadIM, during an html.Parse cal...