CVE-2021-33194

CVE-2021-33194

Go through 1.15.12 and 1.16.x through 1.16.4 has a golang.org/x/net/html infinite loop via crafted ParseFragment input.

Source: CVE-2021-33194