An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

Affected Packages

Go golang.org/x/net/html

Affected versions: 0 (fixed in 0.33.0)

Related CVEs

CVE-2024-45338

Key Information

GHSA ID

GHSA-w32m-9786-jp63

Published

December 18, 2024 9:59 PM

Last Modified

March 16, 2025 5:24 PM

CVSS Score

7.5 /10

Primary Ecosystem

Primary Package

golang.org/x/net/html

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 18, 2025 6:27 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.