Bug 2360404 (CVE-2025-22872) - CVE-2025-22872 golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net
Keywords:
Status: NEW
Alias: CVE-2025-22872
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2360536 2360537 2360538 2360541 2360542 2360543 2360544 2360545 2360546 2360547 2360548 2360550 2360551 2360552 2360553 2360554 2360555 2360556 2360557 2360558 2360559 2360560 2360561 2360562 2360563 2360564 2360565 2360566 2360567 2360568 2360569 2360570 2360571 2360572 2360573 2360574 2360575 2360576 2360577 2360578 2360579 2360580 2360582 2360583 2360584 2360585 2360586 2360587 2360588 2360589 2360590 2360591 2360592 2360593 2360594 2360595 2360596 2360597 2360598 2360599 2360600 2360601 2360602 2360603 2360604 2360605 2360606 2360607 2360608 2360609 2360610 2360611 2360612 2360613 2360614 2360615 2360616 2360617 2360618 2360619 2360621 2360622 2360623 2360624 2360625 2360626 2360627 2360628 2360629 2360630 2360631 2360632 2360633 2360634 2360635 2360636 2360637 2360638 2360639 2360640 2360641 2360642 2360643 2360644 2360645 2360646 2360647 2360648 2360649 2360650 2360651 2360652 2360653 2360654 2360655 2360539 2360540 2360549 2360581 2360620 2360656
Blocks:
Reported: 2025-04-16 18:03 UTC by OSIDB Bzimport
Modified: 2025-04-18 08:27 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Description OSIDB Bzimport 2025-04-16 18:03:50 UTC
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. <math>, <svg>, etc contexts).
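
The distinction described above, as an added example that is not code from golang.org/x/net or from this bug report: `specSelfClosing` follows the attribute states of the HTML tokenizer, where a solidus inside an unquoted attribute value is value data, while `naiveSelfClosing` is a constructed stand-in for the misreading. Both function names and all sample tags are assumptions made for illustration.

```go
package main

import "fmt"

// naiveSelfClosing is a constructed stand-in for the misreading described
// above: any "/" directly before ">" is treated as a self-closing marker.
func naiveSelfClosing(tag string) bool { return len(tag) > 2 && tag[len(tag)-2] == '/' }

// specSelfClosing walks one start tag ("<name ...>") through the HTML
// tokenizer's attribute states and reports whether the self-closing flag is set.
func specSelfClosing(tag string) bool {
	const tagName, beforeAttr, attrName, afterSlash, beforeValue, unquoted, quoted = 0, 1, 2, 3, 4, 5, 6
	state, quote := tagName, byte(0)
	for i := 1; i < len(tag); i++ {
		c := tag[i]
		space := c == ' ' || c == '\t' || c == '\n' || c == '\f' || c == '\r'
		switch {
		case state == quoted && c != quote: // everything inside quotes is value data
		case state == quoted:
			state = beforeAttr
		case c == '>':
			return state == afterSlash // flag is set only by a "/" outside any value
		case state == unquoted && !space: // a "/" here is value data, not a marker
		case state == beforeValue && space: // whitespace after "=" is skipped
		case state == beforeValue && (c == '"' || c == '\''):
			state, quote = quoted, c
		case state == beforeValue:
			state = unquoted
		case c == '/':
			state = afterSlash
		case space && state != attrName:
			state = beforeAttr
		case c == '=' && state == attrName:
			state = beforeValue
		case state == beforeAttr || state == afterSlash:
			state = attrName
		}
	}
	return false // no closing ">" found
}

func main() {
	// Constructed sample tags; the first two end an unquoted value with "/".
	for _, t := range []string{`<circle r=5/>`, `<a href=/docs/>`, `<br/>`, `<a href="/x"/>`, `<a href=/x />`} {
		fmt.Printf("%-18s naive=%-5v spec=%v\n", t, naiveSelfClosing(t), specSelfClosing(t))
	}
}
```

The two functions disagree only on the first two samples, which is the input shape the description names; comparing a tokenizer's reported self-closing flag against `specSelfClosing` on such tags is one way to check whether a given build shows the behaviour.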

