{"id":"GO-2022-0192","summary":"Incorrect parsing of nested templates in golang.org/x/net/html","details":"The Parse function can panic on some invalid inputs.\n\nFor example, the Parse function panics on the input \"\u003cmath\u003e\u003ctemplate\u003e\u003cmo\u003e\u003ctemplate\u003e\".","aliases":["CVE-2018-17142","GHSA-2wp2-chmh-r934"],"modified":"2024-05-20T16:03:47Z","published":"2022-07-01T20:11:34Z","database_specific":{"url":"https://pkg.go.dev/vuln/GO-2022-0192","review_status":"REVIEWED"},"references":[{"type":"FIX","url":"https://go.dev/cl/136875"},{"type":"FIX","url":"https://go.googlesource.com/net/+/cf3bd585ca2a5a21b057abd8be7eea2204af89d0"},{"type":"REPORT","url":"https://go.dev/issue/27702"}],"affected":[{"package":{"name":"golang.org/x/net","ecosystem":"Go","purl":"pkg:golang/golang.org/x/net"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.0.0-20180925071336-cf3bd585ca2a"}]}],"ecosystem_specific":{"imports":[{"symbols":["Parse","ParseFragment","parser.resetInsertionMode"],"path":"golang.org/x/net/html"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2022-0192.json"}}],"schema_version":"1.7.3","credits":[{"name":"@tr3ee"}]}