First published: Mon Oct 01 2018(Updated: )
The html package (aka `x/net/html`) through 2018-09-25 in Go mishandles <math><template><mn><b></template>, leading to a "panic: runtime error" (index out of range) in (*insertionModeStack).pop in node.go, called from inHeadIM, during an html.Parse call.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
go/golang.org/x/net | <0.0.0-20190125002852-4b62a64f59f7 | 0.0.0-20190125002852-4b62a64f59f7 |
Golang Net | <=2018-09-25 | |
Fedoraproject Fedora | =28 | |
Fedoraproject Fedora | =29 | |
<=2018-09-25 | ||
=28 | ||
=29 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.