CVE-2018-17075 Date: (C)2018-09-17 (M)2023-12-22
The html package (aka x/net/html) before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of , , or . This is related to HTMLTreeBuilder.cpp in WebKit.
CVSS Score and Metrics +CVSS Score and Metrics -
CVSS V3 Severity: CVSS V2 Severity: CVSS Score : 7.5 CVSS Score : 5.0 Exploit Score: 3.9 Exploit Score: 10.0 Impact Score: 3.6 Impact Score: 2.9 CVSS V3 Metrics: CVSS V2 Metrics: Attack Vector: NETWORK Access Vector: NETWORK Attack Complexity: LOW Access Complexity: LOW Privileges Required: NONE Authentication: NONE User Interaction: NONE Confidentiality: NONE Scope: UNCHANGED Integrity: NONE Confidentiality: NONE Availability: PARTIAL Integrity: NONE Availability: HIGH