17 matches found
Important: Red Hat Security Advisory: OpenShift Container Platform 4.13.53 bug fix and security update
Red Hat OpenShift Container Platform release 4.13.53 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a...
Security Bulletin: IBM Planning Analytics Cartridge for IBM Cloud Pak for Data 4.8.0 has addressed security vulnerabilities
Summary IBM Planning Analytics Cartridge for IBM Cloud Pak for Data 4.8.0 resolves vulnerabilities in Golang Go, Gin-Gonic Gin and libp2p go-libp2p. A vulnerability where sensitive information could be shared due to insecure network communication has also been addressed. Please refer to the table...
CVE-2023-29401 Improper handling of filenames in Content-Disposition HTTP header in github.com/gin-gonic/gin
The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of...
Reflected File Download
github.com/gin-gonic/gin is vulnerable to Reflected File Download. The vulnerability exists because the FileAttachment function of context.go does not properly sanitize the filename parameter, which allows an attacker to modify the Content-Disposition header and replace the .txt file name suffix...
CVE-2023-26125
A flaw was found in Gin-Gonic Gin. This flaw allows a remote attacker to bypass security restrictions caused by improper input validation. An attacker can perform cache poisoning attacks by sending a specially-crafted request using the X-Forwarded-Prefix header. Mitigation Mitigation for this iss...
Cache Poisoning
github.com/gin-gonic/gin is vulnerable to Cache Poisoning. The vulnerability exists in the redirectTrailingSlash function of gin.go as it does not properly escape special characters in the header, which allows an attacker to inject a malicious payload via the X-Forwarded-Prefix header...
GHSA-3VP4-M3RF-835H Improper input validation in github.com/gin-gonic/gin
Versions of the package github.com/gin-gonic/gin before version 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning. Note: Although this issue does not pose a...
Improper input validation in github.com/gin-gonic/gin
Versions of the package github.com/gin-gonic/gin before version 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning. Note: Although this issue does not pose a...
CVE-2023-26125
Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning. Note: Although this issue does not pose a significant...
CVE-2023-26125
Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning. Note: Although this issue does not pose a significant...
CVE-2023-26125
Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning. Note: Although this issue does not pose a significant...
Log Injection
github.com/gin-gonic/gin is vulnerable to log injection. The vulnerability exists in logger.go due to the lack of validation in library logs, which allows an attacker to inject malicious code into the system...
CVE-2020-36567
Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0 allows remote attackers to inject arbitrary log lines...
GO-2020-0001 Arbitrary log line injection in github.com/gin-gonic/gin
The default Formatter for the Logger middleware LoggerConfig.Formatter, which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path...
GO-2021-0052 Inconsistent interpretation of HTTP Requests in github.com/gin-gonic/gin
Due to improper HTTP header sanitization, a malicious user can spoof their source IP address by setting the X-Forwarded-For header. This may allow a user to bypass IP based restrictions, or obfuscate their true source...
CVE-2020-28483
This affects all versions of package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header...
Design/Logic Flaw
This affects all versions of package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header...