View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2022-28131 severity moderate: SUSE including 73 source package names (1.17-12.32:go1.17-1.17.13-150000.1.42.1, 1.18:go1.18-1.18.5-150000.1.25.1, …), 178 product×package rows across 28 product lines (Container bci/golang, SUSE Enterprise Storage 7, … (28 product lines)): Fixed 172, Known Not Affected 6.
Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.