The parser implements the HTML specification, which contains a number of
algorithms which are quadratic in complexity by design. This causes the
processing time to scale non-linearly with respect to the size of the input for
some HTML documents.
This is a PRIVATE issue for CVE-2025-47911, tracked in http://b/437343453 and fixed by https://go-internal-review.git.corp.google.com/c/net/+/2880.
/cc @golang/security and @golang/release
The parser implements the HTML specification, which contains a number of
algorithms which are quadratic in complexity by design. This causes the
processing time to scale non-linearly with respect to the size of the input for
some HTML documents.
This is a PRIVATE issue for CVE-2025-47911, tracked in http://b/437343453 and fixed by https://go-internal-review.git.corp.google.com/c/net/+/2880.
/cc @golang/security and @golang/release