CVE-2021-36221 - log back

CVE-2021-36221 edited at 05 Aug 2021 21:39:17
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ A security issue has been found in Go before version 1.16.7. A net/http/httputil ReverseProxy can panic due to a race condition if its Handler aborts with ErrAbortHandler, for example due to an error in copying the response body. An attacker might be able to force the conditions leading to the race condition.
References
+ https://groups.google.com/g/golang-announce/c/uHACNfXAZqk
+ https://github.com/golang/go/issues/46866
+ https://github.com/golang/go/commit/accf363d5da864521c90b152fb734f3f15e00521
Notes
CVE-2021-36221 created at 05 Aug 2021 21:36:20