CVE-2021-36221
published 2021-08-08CVE-2021-36221: Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.
medium5.9CVSS 3.1
AVNACHPRNUINSUCNINAH
Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | golang-1.15 | < golang-1.15 1.15.15-1~deb11u1 (bullseye) | golang-1.15 1.15.15-1~deb11u1 (bullseye) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| golang | go | < 1.15.15 | 1.15.15 |
| golang | go | >= 1.16.0 < 1.16.7 | 1.16.7 |
| msrc | cm1_golang_1.16.7-1_on_cbl_mariner_1.0 | — | — |
| oracle | timesten_in-memory_database | < 21.1.1.1.0 | 21.1.1.1.0 |
| paloalto | pan-os | — | — |
| siemens | scalance_lpe9403_firmware | < 2.0 | 2.0 |
CVSS provenance
nvdv3.15.9MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
osv5.9MEDIUM