Search CVE reports
1 – 10 of 25 results
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.
1 affected package
golang-golang-x-net-dev
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-golang-x-net-dev | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.
1 affected package
golang-golang-x-net-dev
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-golang-x-net-dev | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com" rather than an error. This...
1 affected package
golang-golang-x-net-dev
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-golang-x-net-dev | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.
1 affected package
golang-golang-x-net-dev
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-golang-x-net-dev | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.
1 affected package
golang-golang-x-net-dev
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-golang-x-net-dev | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service.
1 affected package
golang-golang-x-net-dev
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-golang-x-net-dev | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.
7 affected packages
golang-golang-x-net, google-guest-agent, containerd, golang-golang-x-net-dev, adsys...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-golang-x-net | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| google-guest-agent | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| containerd | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-golang-x-net-dev | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| adsys | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
| juju-core | Not in release | Not in release | Not in release | — | — |
| lxd | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic
7 affected packages
golang-golang-x-net, google-guest-agent, containerd, golang-golang-x-net-dev, adsys...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-golang-x-net | Not affected | Not affected | Not affected | — | — |
| google-guest-agent | Not affected | Not affected | Not affected | Not affected | Not affected |
| containerd | Not affected | Not affected | Not affected | Not affected | Not affected |
| golang-golang-x-net-dev | Not in release | Not in release | Not in release | Not affected | Not affected |
| adsys | Vulnerable | Not affected | Not affected | Not affected | — |
| juju-core | Not in release | Not in release | Not in release | — | — |
| lxd | Not in release | Not in release | Not in release | Not affected | Not affected |
Some fixes available 8 of 10
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
7 affected packages
golang-golang-x-net, google-guest-agent, containerd, golang-golang-x-net-dev, adsys...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-golang-x-net | Vulnerable | Fixed | Fixed | — | — |
| google-guest-agent | Not affected | Not affected | Not affected | Not affected | Not affected |
| containerd | Not affected | Not affected | Not affected | Not affected | Not affected |
| golang-golang-x-net-dev | Not in release | Not in release | Not in release | Fixed | Fixed |
| adsys | Not affected | Not affected | Not affected | Not affected | — |
| juju-core | Not in release | Not in release | Not in release | — | — |
| lxd | Not in release | Not in release | Not in release | Not affected | Fixed |
Some fixes available 8 of 10
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
7 affected packages
golang-golang-x-net, google-guest-agent, containerd, golang-golang-x-net-dev, adsys...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-golang-x-net | Vulnerable | Fixed | Fixed | — | — |
| google-guest-agent | Not affected | Not affected | Not affected | Not affected | Not affected |
| containerd | Not affected | Not affected | Not affected | Not affected | Not affected |
| golang-golang-x-net-dev | Not in release | Not in release | Not in release | Fixed | Fixed |
| adsys | Not affected | Not affected | Not affected | Not affected | — |
| juju-core | Not in release | Not in release | Not in release | — | — |
| lxd | Not in release | Not in release | Not in release | Not affected | Fixed |