VDB
KO
MEDIUM 6.5

GHSA-5cv4-jp36-h3mw

Go Net HTML parser is vulnerable to denial of service

Details

In Go Net (`golang.org/x/net`) before verion 0.55.0, parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service.

Are you affected?

Enter the version of the package you're using.

Affected packages

Go / golang.org/x/net
Introduced in: 0 Fixed in: 0.55.0
Fix go get golang.org/x/net@v0.55.0

References