CVE-2018-17142

Name of the Vulnerable Software and Affected Versions html package (aka x/net/html) through 2018-09-17

Description The issue arises from the mishandling of specific HTML tags, such as <math><template><mo><template>, which can cause a "panic: runtime error" in the parseCurrentToken function within parse.go during an html.Parse call. This error occurs due to the Parse function's inability to handle certain invalid inputs properly, leading to a panic.

Recommendations For versions through 2018-09-17, consider avoiding the use of the html.Parse function with potentially malformed HTML inputs until a fix is applied. As a temporary workaround, validate and sanitize all HTML inputs before passing them to the html.Parse function to minimize the risk of encountering this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.