Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag.
2022-08-10T20:15:42.210
2024-11-21T07:03:04.227
Modified
CVSSv3.1: 7.5 (HIGH)
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | golang | go | < 1.17.12 | Yes |
Application | golang | go | < 1.18.4 | Yes |