CVE-2021-27918

ADVISORY - nist

Summary

encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.

EPSS Score⁠: 0.00028 (0.065)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-835⁠

Loop with Unreachable Exit Condition ('Infinite Loop')

ADVISORY - redhat

CWE-835⁠

Loop with Unreachable Exit Condition ('Infinite Loop')

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.