Vulnerability Report: GO-2020-0048
- CVE-2020-25614, GHSA-93m7-c69f-5cfj
- Affects: github.com/antchfx/xmlquery
- Published: Apr 14, 2021
- Modified: May 20, 2024
LoadURL does not check the Content-Type of loaded resources, which can cause a panic due to a nil pointer dereference if the loaded resource is not XML. If user-supplied URLs are loaded, this may be used as a denial of service vector.
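A caller-side guard for code that loads XML from user-supplied URLs, as an added example (not the xmlquery project's code or its fix): `fetchXML`, `tryFetch` and `ErrNotXML` are hypothetical names, and the response is a constructed one served by a local test server. It uses only the standard library; the returned bytes would then be handed to the XML parser, whose error still has to be checked.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"mime"
	"net/http"
	"net/http/httptest"
	"strings"
)

// ErrNotXML marks a response that must not be handed to the XML parser.
var ErrNotXML = errors.New("response is not declared as XML")

// isXMLMediaType accepts text/xml, application/xml and any "+xml" suffix type.
func isXMLMediaType(header string) bool {
	mt, _, err := mime.ParseMediaType(header)
	return err == nil && (mt == "text/xml" || mt == "application/xml" || strings.HasSuffix(mt, "+xml"))
}

// fetchXML (hypothetical helper) returns the body, capped at limit bytes, only
// for a 200 response whose Content-Type is XML.
func fetchXML(c *http.Client, url string, limit int64) ([]byte, error) {
	resp, err := c.Get(url)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	ct := resp.Header.Get("Content-Type")
	if resp.StatusCode != http.StatusOK || !isXMLMediaType(ct) {
		return nil, fmt.Errorf("%w: status %d, Content-Type %q", ErrNotXML, resp.StatusCode, ct)
	}
	return io.ReadAll(io.LimitReader(resp.Body, limit))
}

// tryFetch serves one constructed response from a local test server and fetches it.
func tryFetch(contentType, body string) ([]byte, error) {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.Header().Set("Content-Type", contentType)
		io.WriteString(w, body)
	}))
	defer srv.Close()
	return fetchXML(srv.Client(), srv.URL, 1<<20)
}

func main() {
	_, err := tryFetch("text/html; charset=utf-8", "<html><p>not xml")
	fmt.Println("HTML response rejected:", err)
}
```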
Affected Packages
- Path: github.com/antchfx/xmlquery
- Go Versions: before v1.3.1
References
- https://github.com/antchfx/xmlquery/commit/5648b2f39e8d5d3fc903c45a4f1274829df71821
- https://github.com/antchfx/xmlquery/issues/39
- https://vuln.go.dev/ID/GO-2020-0048.json
Credits
- @dwisiswant0