CVE-2020-25614

Name of the Vulnerable Software and Affected Versions xmlquery versions prior to 1.3.1

Description The issue allows attackers to cause a denial of service (SIGSEGV) or possibly have other unspecified impacts due to the lack of a check for whether a LoadURL response is in the XML format. This can also cause a panic due to nil pointer deference if the loaded resource is not XML, potentially serving as a denial of service vector if user-supplied URLs are loaded.

Recommendations For versions prior to 1.3.1, update to version 1.3.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the LoadURL function to minimize the risk of exploitation, especially when loading user-supplied URLs.