CVEs-PoC/2022/CVE-2022-28131.md

### [CVE-2022-28131](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131)
![](https://img.shields.io/static/v1?label=Product&message=encoding%2Fxml&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.17.12%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-674%3A%20Uncontrolled%20Recursion&color=brighgreen)

### Description

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/henriquebesing/container-security
- https://github.com/kb5fls/container-security
- https://github.com/ruzickap/malware-cryptominer-container