Gin Security Vulnerabilities

CVE-2020-28483

This affects all versions of package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header.

7.1 CVSS

6.6 AI Score

0.002 EPSS

2021-01-20 06:15 PM

CVE-2020-36567

Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0 allows remote attackers to inject arbitrary log lines.

7.5 CVSS

7.3 AI Score

0.002 EPSS

2022-12-27 09:15 PM

CVE-2023-26125

Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning. Note: Although this issue does not pose a significant threa...

7.3 CVSS

7 AI Score

0.001 EPSS

2023-05-04 05:15 AM

CVE-2023-29401

The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of "setup.bat";x=...

4.3 CVSS

4.2 AI Score

0.001 EPSS

2023-06-08 09:15 PM