The Decode, DecodeElement, and Skip methods of an xml.Decoder provided by xml.NewTokenDecoder may enter an infinite loop when operating on a custom xml.TokenReader which returns an EOF in the middle of an open XML element.
Thanks to Sam Whited for reporting this issue.
This issue is CVE-2021-27918.