CVE-2018-17143

The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt