Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time. CREATE(Triage):(User=admin) [CVE-2020-15586|https://nvd.nist.gov/vuln/detail/CVE-2020-15586]
