
9 matches found

Cvelist, added 2023/06/08 8:27 p.m., 24 views

CVE-2023-29401 Improper handling of filenames in Content-Disposition HTTP header in github.com/gin-gonic/gin

The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of...

AI score 4.7, EPSS 0.00482
Exploits: 2, References: 4

Veracode, added 2023/05/10 4:23 a.m., 21 views

Cache Poisoning

github.com/gin-gonic/gin is vulnerable to Cache Poisoning. The vulnerability exists in the redirectTrailingSlash function of gin.go as it does not properly escape special characters in the header, which allows an attacker to inject a malicious payload via the X-Forwarded-Prefix header...

CVSS 7.3, AI score 8.8, EPSS 0.00905
Exploits: 1, References: 6, Affected Software: 1

Github Security Blog, added 2023/05/04 6:30 a.m., 35 views

Improper input validation in github.com/gin-gonic/gin

Versions of the package github.com/gin-gonic/gin before version 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning. Note: Although this issue does not pose a...

CVSS 7.3, AI score 8.9, EPSS 0.00905
Exploits: 1, References: 7, Affected Software: 1

NVD, added 2023/05/04 5:15 a.m., 17 views

CVE-2023-26125

Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning. Note: Although this issue does not pose a significant...

CVSS 7.3, AI score 6.4, EPSS 0.00905
Exploits: 1, References: 5

Debian CVE, added 2023/05/04 5:00 a.m., 38 views

CVE-2023-26125

Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning. Note: Although this issue does not pose a significant...

CVSS 7.3, AI score 5.5, EPSS 0.00905
Exploits: 1

Veracode, added 2022/12/29 7:39 a.m., 30 views

Log Injection

github.com/gin-gonic/gin is vulnerable to log injection. The vulnerability exists in logger.go due to the lack of validation in library logs, which allows an attacker to inject malicious code into the system...

CVSS 7.5, AI score 7.8, EPSS 0.01448
Exploits: 1, References: 5, Affected Software: 1

NVD, added 2022/12/27 9:15 p.m., 18 views

CVE-2020-36567

Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0 allows remote attackers to inject arbitrary log lines...

CVSS 7.5, EPSS 0.01448
Exploits: 1, References: 3

OSV, added 2021/04/14 8:04 p.m., 26 views

GO-2020-0001 Arbitrary log line injection in github.com/gin-gonic/gin

The default Formatter for the Logger middleware LoggerConfig.Formatter, which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path...

CVSS 7.5, AI score 7.5, EPSS 0.01448
Exploits: 1, References: 2

Prion, added 2021/01/20 6:15 p.m., 17 views

Design/Logic Flaw

This affects all versions of package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header...

CVSS 5.8, AI score 6.7, EPSS 0.01316
Exploits: 0, References: 2, Affected Software: 1