
x/net/html: fix CVE-2025-22872 #73070


Closed
rolandshoemaker opened this issue Mar 27, 2025 · 1 comment · Fixed by minio/minio-go#2085
Comments

rolandshoemaker commented Mar 27, 2025

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing, which could result in content following the tag being placed in the wrong scope during DOM construction.

For example, a tag of the form <p a=/> is interpreted by the tokenizer as self-closing, resulting in incorrectly emitting <p a="/"/>. This is due to how we check if a tag is self-closing.

This is a PRIVATE issue for CVE-2025-22872, tracked in http://b/404570217.

/cc @golang/security and @golang/release
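The tokenizer mistake described in the issue, modelled in an added Go example that is not x/net/html's code: scanStartTag is a hypothetical, deliberately small start-tag scanner (the cutAt helper and the Attr type are assumptions of this example) whose legacyCheck path decides "self-closing" by looking at the byte before '>', while the default path only honours a '/' that was consumed between attributes, as the spec's tokenizer does.

```go
package main

import (
	"fmt"
	"strings"
)
type Attr struct{ Key, Val string } // one attribute scanned from a start tag
// cutAt splits s at the first byte found in stops; rest keeps that byte.
func cutAt(s, stops string) (tok, rest string) {
	if n := strings.IndexAny(s, stops); n >= 0 {
		return s[:n], s[n:]
	}
	return s, ""
}

// scanStartTag is a simplified start-tag tokenizer written for this note (not
// x/net/html's code); legacyCheck reproduces the bug by peeking at the byte before '>'.
func scanStartTag(tag string, legacyCheck bool) (attrs []Attr, selfClosing bool) {
	body := strings.TrimSuffix(strings.TrimPrefix(tag, "<"), ">")
	_, rest := cutAt(body, " \t\n/") // drop the tag name
	for rest != "" {
		switch rest[0] {
		case ' ', '\t', '\n', '=': // whitespace, or a stray '=' with no name
			rest = rest[1:]
		case '/':
			selfClosing, rest = true, rest[1:] // a '/' consumed between attributes
		default:
			selfClosing = false // an attribute after a '/' cancels it
			var a Attr
			a.Key, rest = cutAt(rest, " \t\n/=")
			switch {
			case !strings.HasPrefix(rest, "="): // attribute without a value
			case len(rest) > 1 && (rest[1] == '"' || rest[1] == '\''):
				a.Val, rest, _ = strings.Cut(rest[2:], rest[1:2]) // quoted value
			default:
				a.Val, rest = cutAt(rest[1:], " \t\n") // unquoted value: may end in '/'
			}
			attrs = append(attrs, a)
		}
	}
	if legacyCheck { // the buggy check: an unquoted value ending in '/' passes it
		selfClosing = strings.HasSuffix(body, "/")
	}
	return attrs, selfClosing
}
func main() {
	_, legacy := scanStartTag("<p a=/>", true)
	_, fixed := scanStartTag("<p a=/>", false)
	fmt.Println("<p a=/> self-closing? legacy check:", legacy, "fixed:", fixed)
}
```

Under the legacy check <p a=/> reports self-closing while the attribute value is correctly "/", so a DOM builder would close the element early; the fixed check reports it as an ordinary start tag, and genuinely self-closing forms such as <br/>, <p a=/ /> and <p a="/"/> are still recognised by both.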

gabyhelp added the "vulncheck or vulndb" label (Issues for the x/vuln or x/vulndb repo) on Mar 27, 2025
dmitshur changed the title from "security: fix CVE-2025-22872" to "x/net/html: fix CVE-2025-22872" on Mar 27, 2025
gopherbot added this to the Unreleased milestone on Mar 27, 2025
gopherbot (Contributor) commented:

Change https://go.dev/cl/661256 mentions this issue: html: properly handle trailing solidus in unquoted attribute value in foreign content
