VDB
RHBA-2021%3A0101
RHBA-2021%3A0101
PUBLISHED
CVSS 5.900000095367432 MEDIUM
A flaw was found Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability.
Risk Scores
CVSS 3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | distributed-tracing/jaeger-query-rhel8@sha256:92e1aea91dbdfad53e42f8774b6cfd23fd4149e2c1579e536e9c8a502abb395f_amd64 as a component of Red Hat OpenShift Jaeger 1.20 | distributed-tracing/jaeger-query-rhel8@sha256:92e1aea91dbdfad53e42f8774b6cfd23fd4149e2c1579e536e9c8a502abb395f_amd64 |
| Red Hat | distributed-tracing/jaeger-es-rollover-rhel8@sha256:98a27286a18d68485c08f719bc4303153e97ac44f2719e5974c0a003388257ff_amd64 as a component of Red Hat OpenShift Jaeger 1.20 | distributed-tracing/jaeger-es-rollover-rhel8@sha256:98a27286a18d68485c08f719bc4303153e97ac44f2719e5974c0a003388257ff_amd64 |
| Red Hat | distributed-tracing/jaeger-agent-rhel8@sha256:4fd12fd4195fbe7c834065241f0bc925b646aed9308d1714e32b92799cebdd3e_amd64 as a component of Red Hat OpenShift Jaeger 1.20 | distributed-tracing/jaeger-agent-rhel8@sha256:4fd12fd4195fbe7c834065241f0bc925b646aed9308d1714e32b92799cebdd3e_amd64 |
| Red Hat | distributed-tracing/jaeger-ingester-rhel8@sha256:8aac2e131725953c3747a1d8bec9ef75071a6ae995cf9bd481a1f2e36c791b0d_amd64 as a component of Red Hat OpenShift Jaeger 1.20 | * |
| Red Hat | distributed-tracing/jaeger-rhel8-operator@sha256:a03717b0dff471054adbb81c2fdb3c7e804f20d48353c4c1cdd5bf4ec30a50cf_amd64 as a component of Red Hat OpenShift Jaeger 1.20 | distributed-tracing/jaeger-rhel8-operator@sha256:a03717b0dff471054adbb81c2fdb3c7e804f20d48353c4c1cdd5bf4ec30a50cf_amd64 |
| Red Hat | distributed-tracing/jaeger-all-in-one-rhel8@sha256:2b61d7c37f71b6d9ae0d41bd26eb6ec58ebc56cb8659ffc20d152c8906814cca_amd64 as a component of Red Hat OpenShift Jaeger 1.20 | distributed-tracing/jaeger-all-in-one-rhel8@sha256:2b61d7c37f71b6d9ae0d41bd26eb6ec58ebc56cb8659ffc20d152c8906814cca_amd64 |
| Red Hat | distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:4bfa95cbb4416335bf1eb3ed63d6ab8b4ddf1bec3365d3cadf1b58ef093ad691_amd64 as a component of Red Hat OpenShift Jaeger 1.20 | distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:4bfa95cbb4416335bf1eb3ed63d6ab8b4ddf1bec3365d3cadf1b58ef093ad691_amd64 |
| Red Hat | distributed-tracing/jaeger-collector-rhel8@sha256:f0732fd98255b246ee80461e40976571d489f7f0a4697db4dccdf103a95eefee_amd64 as a component of Red Hat OpenShift Jaeger 1.20 | distributed-tracing/jaeger-collector-rhel8@sha256:f0732fd98255b246ee80461e40976571d489f7f0a4697db4dccdf103a95eefee_amd64 |
Timeline
- Jan 13, 2021 CVE Published
- Mar 27, 2026 CVE Updated
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHBA-2021:0101 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhba-2021_0101.json advisory
- https://access.redhat.com/security/cve/CVE-2020-15586 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1856953 issue
- https://www.cve.org/CVERecord?id=CVE-2020-15586 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2020-15586 advisory
- https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w/m/E6gHDs32AQAJ advisory
- https://access.redhat.com/security/cve/CVE-2020-16845 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1867099 issue
- https://www.cve.org/CVERecord?id=CVE-2020-16845 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2020-16845 advisory
- https://groups.google.com/g/golang-announce/c/NyPIaucMgXo advisory