Infinite Loop Vulnerability in encoding/xml Package

CVE-2021-27918 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.
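
As an added example (not code from the Go project or from this advisory), here is a defensive wrapper for a custom TokenReader. It counts open elements and reports io.ErrUnexpectedEOF instead of io.EOF while any element is still open, so the decoder never sees an EOF in the middle of an element. The names sliceReader, balancedReader and decodeGuarded and the token streams are constructed for illustration; upgrading to Go 1.15.9 or 1.16.1 is still required.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"io"
)

// sliceReader is a constructed stand-in for a custom xml.TokenReader: fixed tokens, then io.EOF.
type sliceReader struct{ toks []xml.Token }

func (s *sliceReader) Token() (xml.Token, error) {
	if len(s.toks) == 0 {
		return nil, io.EOF
	}
	t := s.toks[0]
	s.toks = s.toks[1:]
	return t, nil
}

// balancedReader (hypothetical name) lets io.EOF through only when every StartElement is closed.
type balancedReader struct {
	inner xml.TokenReader
	depth int
}

func (b *balancedReader) Token() (xml.Token, error) {
	tok, err := b.inner.Token()
	switch tok.(type) {
	case xml.StartElement:
		b.depth++
	case xml.EndElement:
		b.depth--
	}
	if err == io.EOF && b.depth > 0 {
		return tok, io.ErrUnexpectedEOF // EOF in the middle of an element
	}
	return tok, err
}

// decodeGuarded decodes toks into v through the guard; a truncated stream yields an error.
func decodeGuarded(toks []xml.Token, v interface{}) error {
	return xml.NewTokenDecoder(&balancedReader{inner: &sliceReader{toks}}).Decode(v)
}

func main() {
	var v struct{ Name string `xml:"name"` }
	cut := []xml.Token{xml.StartElement{Name: xml.Name{Local: "doc"}}} // constructed, never closed
	fmt.Println(decodeGuarded(cut, &v))
}
```

The same wrapper can sit in front of any TokenReader passed to xml.NewTokenDecoder, including readers that filter or rewrite another decoder's tokens.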
