CGA-ww39-rq4c-pg4f

Published 14 days ago

Last updated 13 days ago

Package

melange

Latest Update
Fixed
Fixed Version

0.18.1-r1

Severity

Unknown

Summary

Non-linear parsing of case-insensitive content in golang.org/x/net/html

Description

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

Updates

Status
Fixed version
Impact
Updated
Fixed
0.18.1-r1
—

Dec 21, 2024

Under investigation
—
—

Dec 20, 2024

2 updates