GO-2020-0048 Denial of service in github.com/antchfx/xmlquery

LoadURL does not check the Content-Type of loaded resources, which can cause a panic due to nil pointer deference if the loaded resource is not XML. If user supplied URLs are loaded, this may be used as a denial of service vector...

Denial Of Service (DoS)

github.com/antchfx/xmlquery is vulnerable to denial of service DoS attacks. The vulnerability exists because the LoadURL function in node.go fails to properly validate the type/format of incoming responses from URL before parsing and proceeding to the next process, allowing an attacker to pass UR...