PT-2018-13923 · Google · X/Net/Html

Published: 2018-09-17 · Updated: 2023-09-09 · CVE-2018-17143

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: html package (aka x/net/html) through 2018-09-17

Description: The html package mishandles certain tag sequences, such as <template><tBody><isindex/action=0>. During an html.Parse call, this input leads to a "panic: runtime error" in the inBodyIM function in parse.go. The Parse function does not handle this invalid input properly and panics instead.

Recommendations: For versions through 2018-09-17, consider updating to a version released after 2018-09-17 to resolve the issue. As a temporary workaround, consider adding input validation to prevent the html.Parse function from processing malformed HTML tags that could trigger the panic.
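
An added example, not part of the advisory or of the x/net/html project: one way to contain this failure mode is to cap the input size and run the parser under a deferred recover, so a runtime panic comes back as an error instead of ending the process. This is panic containment, not the input validation named above. GuardedParse, ErrParserPanic, ErrTooLarge and fragileParse are hypothetical names, and fragileParse is a constructed stand-in for html.Parse so the block runs with the standard library only.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io"
	"strings"
)

var ErrParserPanic = errors.New("parser panicked on input")
var ErrTooLarge = errors.New("input exceeds size limit")

// GuardedParse (hypothetical helper) buffers at most maxBytes from r, then runs
// parse under recover. With x/net/html, pass html.Parse as the parse argument.
func GuardedParse[T any](parse func(io.Reader) (T, error), r io.Reader, maxBytes int64) (out T, err error) {
	data, err := io.ReadAll(io.LimitReader(r, maxBytes+1))
	if err != nil {
		return out, err
	}
	if int64(len(data)) > maxBytes {
		return out, ErrTooLarge
	}
	defer func() {
		// A panic in parse leaves out at its zero value; report it as an error.
		if p := recover(); p != nil {
			err = fmt.Errorf("%w: %v", ErrParserPanic, p)
		}
	}()
	return parse(bytes.NewReader(data))
}

// fragileParse is a constructed stand-in for a parser with an unchecked index,
// one kind of fault that surfaces as "panic: runtime error". It is not parse.go.
func fragileParse(r io.Reader) (int, error) {
	b, err := io.ReadAll(r)
	if err != nil {
		return 0, err
	}
	var open []string
	if strings.Contains(string(b), "<isindex") {
		_ = open[len(open)-1] // index out of range on an empty slice
	}
	return len(b), nil
}

func main() {
	_, err := GuardedParse(fragileParse, strings.NewReader("<template><tBody><isindex/action=0>"), 1<<20)
	fmt.Println(err)
}
```

Log the rejected input alongside ErrParserPanic so the triggering document can be reproduced after the package is updated.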

Exploit

Fix

Weakness Enumeration: Buffer Overflow

Related Identifiers

CVE-2018-17143
GHSA-FCF9-6FV2-FC5V
GO-2022-0193

Affected Products

X/Net/Html