CVE-2018-17846

Name of the Vulnerable Software and Affected Versions html package (aka x/net/html) through 2018-09-25

Description The issue arises from the mishandling of specific HTML tags, such as <table><math><select><mi><select></table>, which can cause an infinite loop during an html.Parse call. This occurs because inSelectIM and inSelectInTableIM do not comply with a specification. The problem can also be described as html.Parse not properly handling "select" tags, potentially leading to a denial of service if user-supplied input is being parsed.

Recommendations For the html package (aka x/net/html) through 2018-09-25, consider updating to a version newer than 2018-09-25 to resolve the issue. As a temporary workaround, consider restricting the use of the html.Parse function when parsing user-supplied input to minimize the risk of exploitation.