Infinite loop when parsing inputs in golang.org/x/net/html

Overview

Source
ID
GO-2021-0238
Aliases
BIT-golang-2021-33194
CVE-2021-33194
GHSA-83g2-8m93-v3w7
Affected package

Description

An attacker can craft an input to ParseFragment that causes it to enter an infinite loop and never return.

Summary

73.57k
Total packages affected
Packages with at least one version that is affected by the advisory or has an affected dependency.
10.06k
Packages with a known fix
Packages with versions affected by the advisory that have a greater version that is not affected.
5.58%
Total ecosystem affected
The proportion of packages in the ecosystem that are affected by the advisory (fixed or not).
Affected Version: Introduced: 0, Fixed: 0.0.0-20210520170846-37e1c6afe023
Patched/Unaffected
v0.28.0
v0.29.0
v0.30.0
v0.31.0
v0.32.0
v0.33.0
v0.34.0
Affected