ALAS-2020-1417 --- golangID: oval:org.secpod.oval:def:1601189 | Date: (C)2020-09-21 (M)2023-11-10 |
Class: PATCH | Family: unix |
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time. A flaw was found Go"s net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability
Platform: |
Amazon Linux AMI |