AI Score
Confidence
High
EPSS
Percentile
72.6%
The HTML parser does not properly handle “in frameset” insertion mode, and can be made to panic when operating on malformed HTML that contains <template> tags. If operating on user input, this may be a vector for a denial of service attack.
bugs.chromium.org/p/chromium/issues/detail?id=829668
go-review.googlesource.com/c/net/+/94838/9/html/parse.go#1906
go.dev/cl/123776
go.dev/issue/27016
go.googlesource.com/net/+/aaf60122140d3fcf75376d319f0554393160eb50