High severityNVD Advisory· Published Sep 16, 2020· Updated Aug 4, 2024
CVE-2020-25614
CVE-2020-25614
Description
xmlquery before 1.3.1 lacks a check for whether a LoadURL response is in the XML format, which allows attackers to cause a denial of service (SIGSEGV) at xmlquery.(*Node).InnerText or possibly have unspecified other impact.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/antchfx/xmlqueryGo | < 1.3.1 | 1.3.1 |
Affected products
2- xmlquery/xmlquerydescription
Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- github.com/advisories/GHSA-93m7-c69f-5cfjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-25614ghsaADVISORY
- github.com/antchfx/xmlquery/commit/5648b2f39e8d5d3fc903c45a4f1274829df71821ghsaWEB
- github.com/antchfx/xmlquery/compare/v1.3.0...v1.3.1ghsax_refsource_MISCWEB
- github.com/antchfx/xmlquery/issues/39ghsax_refsource_MISCWEB
- pkg.go.dev/vuln/GO-2020-0048ghsaWEB
News mentions
0No linked articles in our index yet.