9 matches found
CVE-2026-42502
Summary of CVE-2026-42502 : The vulnerability concerns the Go project’s HTML parsing in the package golang.org/x/net/html. The root cause is an incorrect handling of HTML elements in foreign content during parsing, which can produce an unexpected HTML tree when rendering with Render. This behavio...
GO-2026-5030 Invoking duplicate attributes can cause XSS in golang.org/x/net/html
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...
AZL-77102 CVE-2025-58190 affecting package telegraf 1.31.0-12
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
AZL-76851 CVE-2025-58190 affecting package cri-tools for versions less than 1.29.0-9
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
AZL-77079 CVE-2025-47911 affecting package terraform for versions less than 1.3.2-29
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
AZL-77019 CVE-2025-47911 affecting package kubevirt 1.6.3-3
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
DEBIAN-CVE-2025-47911
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
GO-2026-4441 Infinite parsing loop in golang.org/x/net
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from Google, Inc. of the United States. There is a security vulnerability in Google Go, which stems from the html.Parse function in golang.org/x/net/html. When processing certain...