CVE-2020-15586

Опубликовано: 17 июл. 2020

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00077.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00029.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00030.html
Mailing List
Third Party Advisory
https://groups.google.com/forum/#%21topic/golang-announce/XZNfaiwgt2w
https://groups.google.com/forum/#%21topic/golang-announce/f2c5bqrGH_g
https://lists.debian.org/debian-lts-announce/2020/11/msg00037.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/11/msg00038.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCR6LAKCVKL55KJQPPBBWVQGOP7RL2RW/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WIRVUHD7TJIT7JJ33FKHIVTHPYABYPHR/
https://security.netapp.com/advisory/ntap-20200731-0005/
Third Party Advisory
https://www.cloudfoundry.org/blog/cve-2020-15586/
Third Party Advisory
https://www.debian.org/security/2021/dsa-4848
Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html
Patch
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00077.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00029.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00030.html
Mailing List
Third Party Advisory
https://groups.google.com/forum/#%21topic/golang-announce/XZNfaiwgt2w
https://groups.google.com/forum/#%21topic/golang-announce/f2c5bqrGH_g

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*

Версия до 1.13.13 (исключая)

cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*

Версия от 1.14.0 (включая) до 1.14.5 (исключая)

Конфигурация 2

Одно из

cpe:2.3:a:cloudfoundry:cf-deployment:*:*:*:*:*:*:*:*

Версия до 13.7.0 (исключая)

cpe:2.3:a:cloudfoundry:routing-release:*:*:*:*:*:*:*:*

Версия до 0.203.0 (исключая)

Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

Конфигурация 5

Одно из

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00614

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-362

Связанные уязвимости

CVE-2020-15586

CVSS3: 5.9

ubuntu

почти 5 лет назад

CVE-2020-15586

CVSS3: 5.9

redhat

почти 5 лет назад

CVE-2020-15586

CVSS3: 5.9

msrc

почти 5 лет назад

Описание отсутствует

CVE-2020-15586

CVSS3: 5.9

debian

почти 5 лет назад

Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net ...

GHSA-9rmg-8r3f-xrq7

CVSS3: 5.9

github

около 3 лет назад

EPSS

Процентиль: 69%

0.00614

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-362