
Tatiana

#37673 of 53,632
7.5 Total CVSS
Vulnerabilities · 1
PT-2022-20222
7.5
2022-07-12
Google · Go · CVE-2022-30633
**Name of the Vulnerable Software and Affected Versions**

Go versions prior to 1.17.12
Go versions prior to 1.18.4

**Description**

The issue is caused by uncontrolled recursion in the Unmarshal function in encoding/xml. This allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the `any` field tag.

**Recommendations**

For Go versions prior to 1.17.12, update to version 1.17.12 or later to resolve the issue.
For Go versions prior to 1.18.4, update to version 1.18.4 or later to resolve the issue.
As a temporary workaround, consider avoiding the use of the `any` field tag in Go structs until a patch is available.
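
Applying the workaround requires knowing which struct types passed to Unmarshal carry the `any` field tag. The following Go audit helper is an added example, not code from the advisory or the Go project; the `Node` and `Envelope` types and the `FindAnyFields` function are hypothetical names constructed for illustration. It walks a type with reflection and reports every exported field whose `xml` tag has the `,any` option.

```go
package main

import (
	"fmt"
	"reflect"
	"strings"
)

// Constructed sample types (hypothetical, not taken from the advisory).
type Node struct {
	Name     string `xml:"name,attr"`
	Children []Node `xml:",any"` // nested field using the `any` tag
}
type Envelope struct {
	ID   string `xml:"id"`
	Body *Node  `xml:"body"`
}

// FindAnyFields lists "Type.Field" for each reachable exported field tagged `,any`.
func FindAnyFields(v interface{}) []string {
	var out []string
	walk(reflect.TypeOf(v), map[reflect.Type]bool{}, &out)
	return out
}

func walk(t reflect.Type, seen map[reflect.Type]bool, out *[]string) {
	// Unwrap pointers, slices and arrays to reach the element type.
	for t != nil && (t.Kind() == reflect.Ptr || t.Kind() == reflect.Slice || t.Kind() == reflect.Array) {
		t = t.Elem()
	}
	if t == nil || t.Kind() != reflect.Struct || seen[t] {
		return // the seen set stops self-referential types from looping
	}
	seen[t] = true
	for i := 0; i < t.NumField(); i++ {
		f := t.Field(i)
		if f.PkgPath != "" {
			continue // unexported field: encoding/xml ignores it
		}
		for _, opt := range strings.Split(f.Tag.Get("xml"), ",")[1:] {
			if opt == "any" {
				*out = append(*out, t.Name()+"."+f.Name)
			}
		}
		walk(f.Type, seen, out)
	}
}

func main() { fmt.Println(FindAnyFields(Envelope{})) }
```

Only options after the first comma are inspected, so a field whose XML element name happens to be `any` is not reported.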