GSA_kwCzR0hTQS0yd3AyLWNobWgtcjkzNM39mw

High EPSS: 0.00747% (0.72186 Percentile) EPSS:

Permalink JSON

golang.org/x/net/html NULL Pointer Dereference vulnerability

Affected Packages	Affected Versions	Fixed Versions
go:golang.org/x/net	< 0.0.0-20180925071336-cf3bd585ca2a	0.0.0-20180925071336-cf3bd585ca2a
112,044 Dependent packages 276,704 Dependent repositories Affected Version Ranges All affected versions All unaffected versions 0.1.0, 0.2.0, 0.3.0, 0.4.0, 0.5.0, 0.6.0, 0.7.0, 0.8.0, 0.9.0, 0.10.0, 0.11.0, 0.12.0, 0.13.0, 0.14.0, 0.15.0, 0.16.0, 0.17.0, 0.18.0, 0.19.0, 0.20.0, 0.21.0, 0.22.0, 0.23.0, 0.24.0, 0.25.0, 0.26.0, 0.27.0, 0.28.0, 0.29.0, 0.30.0, 0.31.0, 0.32.0, 0.33.0, 0.34.0, 0.35.0, 0.36.0, 0.37.0, 0.38.0, 0.39.0, 0.40.0, 0.41.0, 0.42.0

The html package (aka x/net/html) through 2018-09-17 in Go mishandles , leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call

References:

Identifiers

GHSA-2wp2-chmh-r934

CVE-2018-17142

Risk

Severity

High

EPSS

EPSS Percentage: 0.00747

EPSS Percentile: 0.72186

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/golang/go

Date and time

Published

about 3 years ago

Updated

about 1 year ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories