commit 9d427c79b314eaee650d99e1b5691b8e2a8ed787
author Damien Neil <dneil@google.com> Mon Jan 10 17:20:50 2022 -0800
committer Damien Neil <dneil@google.com> Thu Feb 17 17:36:04 2022 +0000
tree dcfabafef269813e84324dd6da6cd705b05ae39d
parent 42690195e7a88057467ef77518e228530e61991d

reports: add GO-2021-0224.yaml for CVE-2020-15586

Fixes golang/vulndb#224

Change-Id: I4e35f26b5ba48e729738cc3d06d659f39acae8dd
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/377581
Trust: Damien Neil <dneil@google.com>
Run-TryBot: Damien Neil <dneil@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>

reports/GO-2021-0224.yaml

diff --git a/reports/GO-2021-0224.yaml b/reports/GO-2021-0224.yaml
new file mode 100644
index 0000000..7c6470f
--- /dev/null
+++ b/reports/GO-2021-0224.yaml
@@ -0,0 +1,23 @@
+module: std
+package: net/http
+versions:
+- fixed: go1.13.13
+- fixed: go1.14.5
+- fixed: go1.15.0
+description: |
+  HTTP servers where the Handler concurrently reads the request
+  body and writes a response can encounter a data race and crash.
+  The httputil.ReverseProxy Handler is affected.
+cves:
+- CVE-2020-15586
+credit: |
+  Mikael Manukyan, Andrew Kutz, Dave McClure, Tim Downey, Clay
+  Kauzlaric, and Gabe Rosenhouse
+symbols:
+- expectContinueReader.Read
+links:
+  pr: https://go.dev/cl/242598
+  commit: https://go.googlesource.com/go/+/fa98f46741f818913a8c11b877520a548715131f
+  context:
+  - https://go.dev/issue/34902
+  - https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w