[github.com/antchfx/xmlquery] xmlquery lacks check for whether LoadURL response is in XML format, causing denial of service

xmlquery before 1.3.1 lacks a check for whether a LoadURL response is in the XML format, which allows attackers to cause a denial of service (SIGSEGV) at xmlquery.(*Node).InnerText or possibly have unspecified other impact.

References

• https://nvd.nist.gov/vuln/detail/CVE-2020-25614
• https://github.com/antchfx/xmlquery/issues/39
• https://github.com/antchfx/xmlquery/commit/5648b2f39e8d5d3fc903c45a4f1274829df71821
• https://github.com/antchfx/xmlquery/compare/v1.3.0…v1.3.1
• https://github.com/advisories/GHSA-93m7-c69f-5cfj