Severity |
|
Remote |
|
Type |
- |
Unknown |
+ |
Denial of service |
|
Description |
+ |
A security issue has been found in Go before version 1.16.7. A net/http/httputil ReverseProxy can panic due to a race condition if its Handler aborts with ErrAbortHandler, for example due to an error in copying the response body. An attacker might be able to force the conditions leading to the race condition. |
|
References |
+ |
https://groups.google.com/g/golang-announce/c/uHACNfXAZqk |
+ |
https://github.com/golang/go/issues/46866 |
+ |
https://github.com/golang/go/commit/accf363d5da864521c90b152fb734f3f15e00521 |
|
Notes |
|