A security issue was found in Go before versions 1.16.1 and 1.15.9. The Decode, DecodeElement, and Skip methods of an xml.Decoder provided by xml.NewTokenDecoder may enter an infinite loop when operating on a custom xml.TokenReader which returns an EOF in the middle of an open XML element.
A security issue was found in Go before versions 1.16.1 and 1.15.9. The Decode, DecodeElement, and Skip methods of an xml.Decoder provided by xml.NewTokenDecoder may enter an infinite loop when operating on a custom xml.TokenReader which returns an EOF in the middle of an open XML element.
https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw https://github.com/golang/go/issues/44913 https://github.com/golang/go/commit/d86e53e896eca907ad67300c0bb495e3dd925358