Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GO-2020-0048
HistoryApr 14, 2021 - 8:04 p.m.

Denial of service in github.com/antchfx/xmlquery

2021-04-1420:04:52
Google
osv.dev
8
denial of service
xml
content-type
panic
nil pointer
user supplied urls
antchfx/xmlquery

AI Score

9.2

Confidence

High

EPSS

0.005

Percentile

75.3%

JSON

LoadURL does not check the Content-Type of loaded resources, which can cause a panic due to nil pointer deference if the loaded resource is not XML. If user supplied URLs are loaded, this may be used as a denial of service vector.

Related

github 1
prion 1
osv 2
gitlab 1
nvd 1
cvelist 1
cve 1
debiancve 1
ubuntucve 1
veracode 1
github
github
xmlquery lacks check for whether LoadURL response is in XML format, causing denial of service
2022-10-07 07:20:03
prion
prion
Format string
2020-09-16 15:15:00
osv
osv
xmlquery lacks check for whether LoadURL response is in XML format, causing denial of service
2022-10-07 07:20:03
CVE-2020-25614
2020-09-16 15:15:12
gitlab
gitlab
Improper Input Validation
2020-09-16 00:00:00
nvd
nvd
CVE-2020-25614
2020-09-16 15:15:12
cvelist
cvelist
CVE-2020-25614
2020-09-16 14:41:08
cve
cve
CVE-2020-25614
2020-09-16 15:15:12
debiancve
debiancve
CVE-2020-25614
2020-09-16 15:15:12
ubuntucve
ubuntucve
CVE-2020-25614
2020-09-16 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-09-07 10:52:06

AI Score

9.2

Confidence

High

EPSS

0.005

Percentile

75.3%

JSON
Related for OSV:GO-2020-0048
github1prion1osv2gitlab1nvd1cvelist1cve1debiancve1ubuntucve1veracode1