Golang.Org X Net vulnerabilities

CVE-2018-17142 [HIGH] CWE-476 golang.org/x/net/html NULL Pointer Dereference vulnerability golang.org/x/net/html NULL Pointer Dereference vulnerability The html package (aka x/net/html) through 2018-09-17 in Go mishandles , leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call

CVE-2018-17847 [HIGH] CWE-119 golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer The html package (aka `x/net/html`) through 2018-09-25 in Go mishandles ``, leading to a `panic: runtime error` (index out of range) in `(*nodeStack).pop` in node.go, called from `(*parser).clearActiveFormattingElements`, during an `html.Parse` call.

CVE-2018-17143 [HIGH] CWE-119 golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer The html package (aka x/net/html) through 2018-09-17 in Go mishandles , leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call

CVE-2018-17075 [HIGH] CWE-476 golang.org/x/net/html NULL Pointer Dereference vulnerability golang.org/x/net/html NULL Pointer Dereference vulnerability The html package (aka x/net/html) before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of , , or . This is related to HTMLTreeBuilder.cpp in WebKit.