Vulnerability Report: GO-2021-0224
standard library- CVE-2020-15586
- Affects: net/http
- Published: Feb 17, 2022
- Modified: May 20, 2024
HTTP servers where the Handler concurrently reads the request body and writes a response can encounter a data race and crash. The httputil.ReverseProxy Handler is affected.
Affected Packages
-
PathGo VersionsSymbols
-
before go1.13.13, from go1.14.0-0 before go1.14.5
1 unexported affected symbols
- expectContinueReader.Read
Aliases
References
- https://go.dev/cl/242598
- https://go.googlesource.com/go/+/fa98f46741f818913a8c11b877520a548715131f
- https://go.dev/issue/34902
- https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w
- https://vuln.go.dev/ID/GO-2021-0224.json
Credits
- Mikael Manukyan, Andrew Kutz, Dave McClure, Tim Downey, Clay Kauzlaric, Gabe Rosenhouse
Feedback
See anything missing or incorrect?
Suggest an edit to this report.