Denial of Service (DoS) in antchfx/xmlquery #1

Closed
dwisiswant0 opened this issue Aug 4, 2021 · 0 comments
Labels: disclosed (Disclosure/advisory has been published & disclosed), patched (Patch version released)

dwisiswant0 commented Aug 4, 2021

Description

Affected versions of this package are vulnerable to Denial of Service (DoS) via xmlquery.(*Node).InnerText. The LoadURL function allows all response types/formats to be parsed (other than XML), so that it can proceed to the next process without validation.

CVE ID: CVE-2020-25614

References

dwisiswant0 added the disclosed and patched labels on Aug 5, 2021
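
One way a caller can guard against the behaviour described in this issue, as an added example (not code from antchfx/xmlquery or from this advisory): confirm that the response declares an XML media type before passing the body to any XML parser. The names `fetchXML`, `isXMLMediaType` and `serve`, the 1 MiB cap, and the sample responses are assumptions constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"mime"
	"net/http"
	"net/http/httptest"
	"strings"
)

const maxXMLBytes = 1 << 20 // assumed cap on how much of the body is read
var errNotXML = errors.New("response is not declared as XML")

// isXMLMediaType reports whether a Content-Type header names an XML media type.
func isXMLMediaType(contentType string) bool {
	mt, _, err := mime.ParseMediaType(contentType) // lowercases the media type
	return err == nil && (mt == "text/xml" || mt == "application/xml" || strings.HasSuffix(mt, "+xml"))
}

// fetchXML (hypothetical helper) returns the body only when the server declares
// an XML media type, so non-XML responses never reach the XML parser.
func fetchXML(client *http.Client, url string) ([]byte, error) {
	resp, err := client.Get(url)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if !isXMLMediaType(resp.Header.Get("Content-Type")) {
		return nil, errNotXML
	}
	return io.ReadAll(io.LimitReader(resp.Body, maxXMLBytes))
}

// serve starts a local server that returns a constructed sample response.
func serve(contentType, body string) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.Header().Set("Content-Type", contentType)
		io.WriteString(w, body)
	}))
}

func main() {
	srv := serve("text/html", "<html>not xml</html>") // constructed non-XML response
	defer srv.Close()
	_, err := fetchXML(srv.Client(), srv.URL)
	fmt.Println("text/html response:", err)
}
```

The bytes returned by `fetchXML` can then be passed to the XML parser of choice; a response with a missing or malformed Content-Type header is rejected the same way as a non-XML one.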