The HTML parser does not properly handle "in frameset" insertion mode, and can be made to panic when operating on malformed HTML that contains <template> tags. If operating on user input, this may be a vector for a denial of service attack.
golang.org/x/net
{ "imports": [ { "symbols": [ "Parse", "ParseFragment", "inBodyIM", "inFramesetIM" ], "path": "golang.org/x/net/html" } ] }
{ "url": "https://pkg.go.dev/vuln/GO-2021-0078" }