Golang Net vulnerabilities

6 known vulnerabilities affecting golang/net.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH6

Vulnerabilities

Page 1 of 1
CVE-2018-17848HIGHCVSS 7.5≤ 2018-09-252018-10-01
CVE-2018-17848 [HIGH] CWE-129 CVE-2018-17848: The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b></templ The html package (aka x/net/html) through 2018-09-25 in Go mishandles , leading to a "panic: runtime error" (index out of range) in (*insertionModeStack).pop in node.go, called from inHeadIM, during an html.Parse call.
nvd
CVE-2018-17847HIGHCVSS 7.5≤ 2018-09-252018-10-01
CVE-2018-17847 [HIGH] CWE-119 CVE-2018-17847: The html package (aka x/net/html) through 2018-09-25 in Go mishandles <svg><template><desc><t><svg>< The html package (aka x/net/html) through 2018-09-25 in Go mishandles , leading to a "panic: runtime error" (index out of range) in (*nodeStack).pop in node.go, called from (*parser).clearActiveFormattingElements, during an html.Parse call.
nvd
CVE-2018-17846HIGHCVSS 7.5≤ 2018-09-252018-10-01
CVE-2018-17846 [HIGH] CWE-835 CVE-2018-17846: The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><sele The html package (aka x/net/html) through 2018-09-25 in Go mishandles , leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification.
nvd
CVE-2018-17143HIGHCVSS 7.5≤ 2018-09-172018-09-17
CVE-2018-17143 [HIGH] CWE-119 CVE-2018-17143: The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/acti The html package (aka x/net/html) through 2018-09-17 in Go mishandles , leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call.
nvd
CVE-2018-17142HIGHCVSS 7.5≤ 2018-09-172018-09-17
CVE-2018-17142 [HIGH] CWE-476 CVE-2018-17142: The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template> The html package (aka x/net/html) through 2018-09-17 in Go mishandles , leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call.
nvd
CVE-2018-17075HIGHCVSS 7.5≤ 2018-07-122018-09-16
CVE-2018-17075 [HIGH] CWE-476 CVE-2018-17075: The html package (aka x/net/html) before 2018-07-13 in Go mishandles "in frameset" insertion mode, l The html package (aka x/net/html) before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of , , or . This is related to HTMLTreeBuilder.cpp in WebKit.
nvd