Lucene search

Ubuntu.comUB:CVE-2020-36567

HistoryDec 27, 2022 - 12:00 a.m.

CVE-2020-36567

2022-12-2700:00:00

ubuntu.com

unsanitized input

gin-gonic

remote attackers

log injection

unix

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.002

Percentile

54.9%

JSON

Unsanitized input in the default logger in github.com/gin-gonic/gin before
v1.6.0 allows remote attackers to inject arbitrary log lines.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchgolang-github-gin-gonic-gin< anyUNKNOWN
ubuntu20.04noarchgolang-github-gin-gonic-gin< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	golang-github-gin-gonic-gin	< any	UNKNOWN
ubuntu	20.04	noarch	golang-github-gin-gonic-gin	< any	UNKNOWN

References

github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d

github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d (v1.6.0)

github.com/gin-gonic/gin/pull/2237

launchpad.net/bugs/cve/CVE-2020-36567

nvd.nist.gov/vuln/detail/CVE-2020-36567

pkg.go.dev/vuln/GO-2020-0001

security-tracker.debian.org/tracker/CVE-2020-36567

www.cve.org/CVERecord?id=CVE-2020-36567

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.002

Percentile

54.9%

JSON

Related for UB:CVE-2020-36567