VDB
RHSA-2020%3A5118
RHSA-2020%3A5118
PUBLISHED
CVSS 5.900000095367432 MEDIUM
A flaw was found Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability.
Risk Scores
CVSS 3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-cluster-autoscaler-operator@sha256:2359c08e7cef3f6d3204f18ebe1672f0a7a68e0e6604cbcb9f7f8b323b6c223a_ppc64le as a component of Red Hat OpenShift Container Platform 4.5 | openshift4/ose-cluster-autoscaler-operator@sha256:2359c08e7cef3f6d3204f18ebe1672f0a7a68e0e6604cbcb9f7f8b323b6c223a_ppc64le |
| Red Hat | openshift4/ose-cluster-samples-operator@sha256:179b083ea94efda42bcb7e21dcfa8606e9b2c7a9f84a177c615941498d42b65e_s390x as a component of Red Hat OpenShift Container Platform 4.5 | openshift4/ose-cluster-samples-operator@sha256:179b083ea94efda42bcb7e21dcfa8606e9b2c7a9f84a177c615941498d42b65e_s390x |
| Red Hat | openshift4/ose-cluster-openshift-apiserver-operator@sha256:810845a0656aa213e418153e8db76dcdb5dc8154df98aa81ce7270afd92cfdb7_s390x as a component of Red Hat OpenShift Container Platform 4.5 | openshift4/ose-cluster-openshift-apiserver-operator@sha256:810845a0656aa213e418153e8db76dcdb5dc8154df98aa81ce7270afd92cfdb7_s390x |
| Red Hat | openshift4/ose-kube-state-metrics@sha256:8fa2760a620b762105feb4d93b5a35f73cf496babcba3f762505931af6dcd9e5_s390x as a component of Red Hat OpenShift Container Platform 4.5 | openshift4/ose-kube-state-metrics@sha256:8fa2760a620b762105feb4d93b5a35f73cf496babcba3f762505931af6dcd9e5_s390x |
| Red Hat | openshift4/ose-multus-cni@sha256:ef859afa7f49c2c5775f9b4ca9c5aafd585718ec3190fc66e865a6a239042925_ppc64le as a component of Red Hat OpenShift Container Platform 4.5 | openshift4/ose-multus-cni@sha256:ef859afa7f49c2c5775f9b4ca9c5aafd585718ec3190fc66e865a6a239042925_ppc64le |
| Red Hat | openshift4/ose-cli@sha256:4c1d07326e9d4fdb0cda26fbcd39e13df0295f926e1d60d16a891d06feb60b51_s390x as a component of Red Hat OpenShift Container Platform 4.5 | openshift4/ose-cli@sha256:4c1d07326e9d4fdb0cda26fbcd39e13df0295f926e1d60d16a891d06feb60b51_s390x |
| Red Hat | openshift4/ose-installer@sha256:5d895773fa88843d958d7c6cd7cb681a04db042abce9351606ed682a870cca1c_ppc64le as a component of Red Hat OpenShift Container Platform 4.5 | openshift4/ose-installer@sha256:5d895773fa88843d958d7c6cd7cb681a04db042abce9351606ed682a870cca1c_ppc64le |
| Red Hat | openshift4/ose-ironic-ipa-downloader-rhel8@sha256:c257f011f009454cb69d8f1f153ffe892b5f1cc3b7fb836d5e4a152574733162_ppc64le as a component of Red Hat OpenShift Container Platform 4.5 | openshift4/ose-ironic-ipa-downloader-rhel8@sha256:c257f011f009454cb69d8f1f153ffe892b5f1cc3b7fb836d5e4a152574733162_ppc64le |
| Red Hat | openshift4/ose-ironic-ipa-downloader-rhel8@sha256:a47f4d5b37bcb60dc2b3b40fd24fa72185106daecdfb79a48a8882a682fc15be_amd64 as a component of Red Hat OpenShift Container Platform 4.5 | openshift4/ose-ironic-ipa-downloader-rhel8@sha256:a47f4d5b37bcb60dc2b3b40fd24fa72185106daecdfb79a48a8882a682fc15be_amd64 |
| Red Hat | openshift4/ose-hyperkube@sha256:5447bbbd83f0c9cb09d3332f74624ec47f369bbdcee1706f645b40aaa000db86_amd64 as a component of Red Hat OpenShift Container Platform 4.5 | openshift4/ose-hyperkube@sha256:5447bbbd83f0c9cb09d3332f74624ec47f369bbdcee1706f645b40aaa000db86_amd64 |
| Red Hat | openshift4/ose-cli-artifacts@sha256:64b4dc8cbb2c7c073fc8f25d01800821dfbb42a2f71a49395bf4061381168d6a_s390x as a component of Red Hat OpenShift Container Platform 4.5 | * |
| Red Hat | openshift4/ose-kube-proxy@sha256:418acca378cf33bcc4e007036c8add22455101185377a9aceadf53c911f29615_s390x as a component of Red Hat OpenShift Container Platform 4.5 | openshift4/ose-kube-proxy@sha256:418acca378cf33bcc4e007036c8add22455101185377a9aceadf53c911f29615_s390x |
| Red Hat | openshift4/ose-cluster-samples-operator@sha256:cb6e26911fba80f58645af6142c5a1848680e2b932c5bf2789fa07f9c4be604a_amd64 as a component of Red Hat OpenShift Container Platform 4.5 | * |
| Red Hat | openshift4/ose-deployer@sha256:4d7e37f46ba781e6582caff38e2721534956bb57661ec944b2de946f91b65bd1_amd64 as a component of Red Hat OpenShift Container Platform 4.5 | * |
| Red Hat | openshift4/ose-cluster-ingress-operator@sha256:0717e349157c9738231f3afc351037544737c80ee3a9827fb5fa1d027050abec_s390x as a component of Red Hat OpenShift Container Platform 4.5 | openshift4/ose-cluster-ingress-operator@sha256:0717e349157c9738231f3afc351037544737c80ee3a9827fb5fa1d027050abec_s390x |
| Red Hat | openshift4/ose-installer@sha256:deed786f9faf993b8273b1d5324916cbe593bca6c595cacf9b241e5adf1d18de_amd64 as a component of Red Hat OpenShift Container Platform 4.5 | * |
| Red Hat | openshift4/ose-cluster-openshift-apiserver-operator@sha256:3d9ef7f4e7283886586b5803b7e2b3f6350e9af660a4b970e5fb7cef02ca4a8c_amd64 as a component of Red Hat OpenShift Container Platform 4.5 | openshift4/ose-cluster-openshift-apiserver-operator@sha256:3d9ef7f4e7283886586b5803b7e2b3f6350e9af660a4b970e5fb7cef02ca4a8c_amd64 |
| Red Hat | openshift4/ose-cli-artifacts@sha256:eaad76ece8b6fc7e0550712101cedddf7e0b999cdb15caebc6fd708a191e0d57_amd64 as a component of Red Hat OpenShift Container Platform 4.5 | openshift4/ose-cli-artifacts@sha256:eaad76ece8b6fc7e0550712101cedddf7e0b999cdb15caebc6fd708a191e0d57_amd64 |
| Red Hat | openshift4/ose-prometheus-config-reloader@sha256:686a54c8ed84b8d2629214ee88bf931d81686af5cbaa28a62ac2c2407cb0faa1_s390x as a component of Red Hat OpenShift Container Platform 4.5 | openshift4/ose-prometheus-config-reloader@sha256:686a54c8ed84b8d2629214ee88bf931d81686af5cbaa28a62ac2c2407cb0faa1_s390x |
| Red Hat | openshift4/ose-prometheus-config-reloader@sha256:74a8f31a81047b45525f95bdcbd017bab0c40e5ed10b7ec38c69cf4265a1e08f_ppc64le as a component of Red Hat OpenShift Container Platform 4.5 | * |
…and 203 more
Timeline
- Nov 24, 2020 CVE Published
- Mar 27, 2026 CVE Updated
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2020:5118 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1856953 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1867099 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1883268 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1885228 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1892585 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1893202 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1893742 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1894763 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1894782 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1895057 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1896990 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5118.json advisory
- https://access.redhat.com/security/cve/CVE-2020-15586 advisory
- https://www.cve.org/CVERecord?id=CVE-2020-15586 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2020-15586 advisory
- https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w/m/E6gHDs32AQAJ advisory
- https://access.redhat.com/security/cve/CVE-2020-16845 advisory
- https://www.cve.org/CVERecord?id=CVE-2020-16845 advisory
…and 2 more