20 matches found
Astra Linux - vulnerability in golang-github-gin-gonic-gin
This affects all versions of the package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client’s IP address can be spoofed by setting the X-Forwarded-For header...
Exploit for Download of Code Without Integrity Check in Gin-Gonic Gin
gin-vulnerable Demo consumer pinned to github.c...
free5GC PCF: Memory Leak via CORS Middleware Registration in HTTP Handler Leads to Denial of Service
Summary A memory leak vulnerability in the free5GC PCF Policy Control Function allows any unauthenticated attacker with network access to the PCF SBI interface to cause uncontrolled memory growth by sending repeated HTTP requests to the OAM endpoint. The root cause is a router.Use call inside an...
GHSA-98CP-84M9-Q3QP free5GC PCF: Memory Leak via CORS Middleware Registration in HTTP Handler Leads to Denial of Service
Summary A memory leak vulnerability in the free5GC PCF Policy Control Function allows any unauthenticated attacker with network access to the PCF SBI interface to cause uncontrolled memory growth by sending repeated HTTP requests to the OAM endpoint. The root cause is a router.Use call inside an...
Improper Access Control
github.com/1panel-dev/1panel is vulnerable to improper access control. The vulnerability is due to trusting all proxy IPs in Gin’s default configuration, which allows an attacker to spoof the X-Forwarded-For header and bypass IP-based security controls...
gin
It is an offensive tool for web frameworks. The primary target is Gin, a HTTP web framework written in Go (Golang), which features a Martini-like API with much better performance. The vulnerability class/vector is not specified, but the code and metadata suggest that it may be related to a remote...
DLA-4285-1 golang-github-gin-contrib-cors - security update
Bulletin has no description...
Linux Distros Unpatched Vulnerability : CVE-2023-26125
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted...
DEBIAN-CVE-2023-26125
Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning. Note: Although this issue does not pose a significant...
Gin-Gonic Gin Input Validation Error Vulnerability
Gin-Gonic Gin is a Go-based framework for rapidly building web applications from the Gin-Gonic team. A security vulnerability exists in Gin-Gonic Gin prior to version 1.9.0, which stems from vulnerability to incorrect input validation, and can be exploited by an attacker to use a specially crafte...
PT-2023-20505 · Gin Gonic +1 · Gin +1
Name of the Vulnerable Software and Affected Versions: github.com/gin-gonic/gin versions prior to 1.9.0 Description: The issue is related to Improper Input Validation, allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning...
Improper Input Validation
Overview github.com/gin-gonic/gin is a package that implements a HTTP web framework called gin. Affected versions of this package are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache...
GHSA-6VM3-JJ99-7229 Gin's default logger allows unsanitized input that can allow remote attackers to inject arbitrary log lines
Gin is a HTTP web framework written in Go (Golang). Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0 allows remote attackers to inject arbitrary log lines...
DEBIAN-CVE-2020-36567
Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0 allows remote attackers to inject arbitrary log lines...
Gin Web Framework Security Vulnerability
Gin Web Framework is an open-source web framework written in Go (Golang) by Gin-Gonic. Versions of Gin Web Framework before v1.6.0 have a security vulnerability. Attackers can use the vulnerability to write arbitrary logs...
ferry Path Traversal Vulnerability
ferry is a work order system by the individual developer lanyulei, built on Gin + Vue + Element UI with separated front end and back end. There is a path traversal vulnerability in ferry, which originates from some unknown functionality in the apis/process/task.go file and can be exploited by an attacker ...
Gin-Vue-Admin SQL Injection Vulnerability
Gin-Vue-Admin is a full-stack pre-development infrastructure platform based on Vue and Gin. Gin-Vue-Admin is vulnerable to SQL injection, which can be exploited by attackers to execute arbitrary SQL statements...
PT-2021-12082 · Gin · Gin-Gonic/Gin
Name of the Vulnerable Software and Affected Versions: gin-gonic/gin versions prior to 1.6.0 Description: The issue allows remote attackers to inject arbitrary log lines due to unsanitized input in the default logger. This can be achieved by manipulating the request path, which affects the defaul...
Gin-Gonic Gin Environmental Vulnerabilities
Gin-Gonic Gin is a Go-based framework for rapidly building web applications from the Gin-Gonic team. A security vulnerability exists in all versions of github.com/gin-gonic/gin, which stems from the ability to spoof a client's IP by setting the X-Forwarded-For header...
HTTP Response Splitting
Overview github.com/gin-gonic/gin is a package that implements a HTTP web framework called gin. Affected versions of this package are vulnerable to HTTP Response Splitting. When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header. Remediatio...