You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.
CVE-2021-27918 - High Severity Vulnerability
Vulnerable Library - third_party-gogo1.11beta1
0
Library home page: https://github.com/fuchsia-mirror/third_party-go.git
Vulnerable Source Files (0)
Vulnerability Details
encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.
Publish Date: 2021-03-11
URL: CVE-2021-27918
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw
Release Date: 2021-03-11
Fix Resolution: 1.15.9, 1.16.1
The text was updated successfully, but these errors were encountered: