CVE-2024-45338

Non-linear parsing of case-insensitive content in golang.org/x/net/html

Description

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

Patch Available

Fix available through Seal Security.  
No upgrade required, protect your application instantly.

Fix without upgrading

Score

8.7

Severity

High

Ecosystem

Publish Date

December 18, 2024

Modified Date

March 24, 2026

Score Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Versions