Hello gophers, Version v0.0.0-20210520170846-37e1c6afe023 of golang.org/x/net fixes a vulnerability in the golang.org/x/net/html package which could cause a denial of service.
An attacker can craft an input to ParseFragment that would cause it to enter an infinite loop and never return. This issue was discovered by OSS-Fuzz and reported to us by Andrew Thornton <ar...@cantab.net>, and is tracked as CVE-2021-33194. Cheers, Filippo on behalf of the Go team -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/CA%2B2K_KrxVjLt01peg2kkhnp21UZHBFRK0JfAXBZ-xDvrZSrZ%3Dw%40mail.gmail.com.
