17 matches found

RedHat Linux
added 2024/11/06 2:30 p.m., 34 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.13.53 bug fix and security update

Red Hat OpenShift Container Platform release 4.13.53 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a...

CVSS 7.5 | AI score 7.1 | EPSS 0.91969
Exploits 2 | References 10

IBM Security Bulletins
added 2023/11/29 10:23 p.m., 52 views

Security Bulletin: IBM Planning Analytics Cartridge for IBM Cloud Pak for Data 4.8.0 has addressed security vulnerabilities

Summary IBM Planning Analytics Cartridge for IBM Cloud Pak for Data 4.8.0 resolves vulnerabilities in Golang Go, Gin-Gonic Gin and libp2p go-libp2p. A vulnerability where sensitive information could be shared due to insecure network communication has also been addressed. Please refer to the table...

CVSS 7.5 | AI score 7.1 | EPSS 0.01146
Exploits 3 | Affected Software 1

Cvelist
added 2023/06/08 8:27 p.m., 24 views

CVE-2023-29401 Improper handling of filenames in Content-Disposition HTTP header in github.com/gin-gonic/gin

The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of...

AI score 4.7 | EPSS 0.00482
Exploits 2 | References 4

Veracode
added 2023/05/17 4:33 a.m., 35 views

Reflected File Download

github.com/gin-gonic/gin is vulnerable to Reflected File Download. The vulnerability exists because the FileAttachment function of context.go does not properly sanitize the filename parameter, which allows an attacker to modify the Content-Disposition header and replace the .txt file name suffix...

CVSS 4.3 | AI score 6.7 | EPSS 0.00482
Exploits 2 | References 6 | Affected Software 1

RedhatCVE
added 2023/05/15 8:51 a.m., 35 views

CVE-2023-26125

A flaw was found in Gin-Gonic Gin. This flaw allows a remote attacker to bypass security restrictions caused by improper input validation. An attacker can perform cache poisoning attacks by sending a specially-crafted request using the X-Forwarded-Prefix header. Mitigation Mitigation for this iss...

CVSS 7.3 | AI score 7 | EPSS 0.0119
Exploits 1 | References 4

Veracode
added 2023/05/10 4:23 a.m., 21 views

Cache Poisoning

github.com/gin-gonic/gin is vulnerable to Cache Poisoning. The vulnerability exists in the redirectTrailingSlash function of gin.go as it does not properly escape special characters in the header, which allows an attacker to inject a malicious payload via the X-Forwarded-Prefix header...

CVSS 7.3 | AI score 8.8 | EPSS 0.00905
Exploits 1 | References 6 | Affected Software 1

OSV
added 2023/05/04 6:30 a.m., 26 views

GHSA-3VP4-M3RF-835H Improper input validation in github.com/gin-gonic/gin

Versions of the package github.com/gin-gonic/gin before version 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning. Note: Although this issue does not pose a...

CVSS 5.6 | AI score 6.3 | EPSS 0.00905
Exploits 1 | References 7

Github Security Blog
added 2023/05/04 6:30 a.m., 42 views

Improper input validation in github.com/gin-gonic/gin

Versions of the package github.com/gin-gonic/gin before version 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning. Note: Although this issue does not pose a...

CVSS 7.3 | AI score 8.9 | EPSS 0.00905
Exploits 1 | References 7 | Affected Software 1

NVD
added 2023/05/04 5:15 a.m., 24 views

CVE-2023-26125

Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning. Note: Although this issue does not pose a significant...

CVSS 7.3 | AI score 6.4 | EPSS 0.00905
Exploits 1 | References 5

UbuntuCve
added 2023/05/04 5:15 a.m., 116 views

CVE-2023-26125

Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning. Note: Although this issue does not pose a significant...

CVSS 7.3 | AI score 6.8 | EPSS 0.00905
Exploits 1 | References 7

Debian CVE
added 2023/05/04 5:00 a.m., 38 views

CVE-2023-26125

Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning. Note: Although this issue does not pose a significant...

CVSS 7.3 | AI score 5.5 | EPSS 0.00905
Exploits 1

Veracode
added 2022/12/29 7:39 a.m., 30 views

Log Injection

github.com/gin-gonic/gin is vulnerable to log injection. The vulnerability exists in logger.go due to the lack of validation in library logs, which allows an attacker to inject malicious code into the system...

CVSS 7.5 | AI score 7.8 | EPSS 0.01448
Exploits 1 | References 5 | Affected Software 1

NVD
added 2022/12/27 9:15 p.m., 19 views

CVE-2020-36567

Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0 allows remote attackers to inject arbitrary log lines...

CVSS 7.5 | EPSS 0.01448
Exploits 1 | References 3

OSV
added 2021/04/14 8:04 p.m., 27 views

GO-2020-0001 Arbitrary log line injection in github.com/gin-gonic/gin

The default Formatter for the Logger middleware LoggerConfig.Formatter, which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path...

CVSS 7.5 | AI score 7.5 | EPSS 0.01448
Exploits 1 | References 2

OSV
added 2021/04/14 8:04 p.m., 19 views

GO-2021-0052 Inconsistent interpretation of HTTP Requests in github.com/gin-gonic/gin

Due to improper HTTP header sanitization, a malicious user can spoof their source IP address by setting the X-Forwarded-For header. This may allow a user to bypass IP based restrictions, or obfuscate their true source...

CVSS 7.1 | AI score 6.8 | EPSS 0.01316
Exploits 0 | References 10

UbuntuCve
added 2021/01/20 6:15 p.m., 23 views

CVE-2020-28483

This affects all versions of package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header...

CVSS 7.1 | AI score 6.7 | EPSS 0.01316
Exploits 0 | References 6

Prion
added 2021/01/20 6:15 p.m., 17 views

Design/Logic Flaw

This affects all versions of package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header...

CVSS 5.8 | AI score 6.7 | EPSS 0.01316
Exploits 0 | References 2 | Affected Software 1