Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack…
Go·CWE-674·Published 2022-08-09
Calling Decoder.Skip when parsing a deeply nested XML document can cause a panic due to stack exhaustion.