CVE-2021-27918 - High Severity Vulnerability
Vulnerable Library - third_party-gogo1.11beta1
0
Library home page: https://github.com/fuchsia-mirror/third_party-go.git
Vulnerable Source Files (0)
Vulnerability Details
encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.
Publish Date: 2021-03-11
URL: CVE-2021-27918
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw
Release Date: 2021-03-11
Fix Resolution: 1.15.9, 1.16.1
CVE-2021-27918 - High Severity Vulnerability
0
Library home page: https://github.com/fuchsia-mirror/third_party-go.git
encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.
Publish Date: 2021-03-11
URL: CVE-2021-27918
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw
Release Date: 2021-03-11
Fix Resolution: 1.15.9, 1.16.1