CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-29401 – Improper handling of filenames in Content-Disposition HTTP header in github.com/gin-gonic/gin
https://notcve.org/view.php?id=CVE-2023-29401
The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of "setup.bat";x=.txt" will be sent as a file named "setup.bat". If the FileAttachment function is called with names provided by an untrusted source, this may permit an attacker to cause a file to be served with a name different than provided. Maliciously crafted attachment file name can modify the Content-Disposition header. • https://github.com/gin-gonic/gin/issues/3555 https://github.com/gin-gonic/gin/pull/3556 https://github.com/gin-gonic/gin/releases/tag/v1.9.1 https://pkg.go.dev/vuln/GO-2023-1737 https://access.redhat.com/security/cve/CVE-2023-29401 https://bugzilla.redhat.com/show_bug.cgi?id=2216957 • CWE-494: Download of Code Without Integrity Check •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-31873 – Gin Markdown Editor v0.7.4 (Electron) - Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2023-31873
Gin 0.7.4 allows execution of arbitrary code when a crafted file is opened, e.g., via require('child_process'). Gin v0.7.4 permite la ejecución de código arbitrario cuando un archivo manipulado esta abierto, por ejemplo, a través de: require('child_process'). Gin Markdown Editor version 0.7.4 suffers from an arbitrary code execution vulnerability. • https://www.exploit-db.com/exploits/51469 http://packetstormsecurity.com/files/172530/Gin-Markdown-Editor-0.7.4-Arbitrary-Code-Execution.html •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 2CVE-2023-26125 – golang-github-gin-gonic-gin: Improper Input Validation
https://notcve.org/view.php?id=CVE-2023-26125
Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning. **Note:** Although this issue does not pose a significant threat on its own it can serve as an input vector for other more impactful vulnerabilities. However, successful exploitation may depend on the server configuration and whether the header is used in the application logic. A flaw was found in Gin-Gonic Gin. This flaw allows a remote attacker to bypass security restrictions caused by improper input validation. • https://github.com/gin-gonic/gin/pull/3500 https://github.com/gin-gonic/gin/pull/3503 https://github.com/gin-gonic/gin/releases/tag/v1.9.0 https://github.com/t0rchwo0d/gin/commit/fd9f98e70fb4107ee68c783482d231d35e60507b https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGINGONICGIN-3324285 https://access.redhat.com/security/cve/CVE-2023-26125 https://bugzilla.redhat.com/show_bug.cgi?id=2203769 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36567 – Arbitrary log line injection in github.com/gin-gonic/gin
https://notcve.org/view.php?id=CVE-2020-36567
Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0 allows remote attackers to inject arbitrary log lines. La entrada no sanitizada en el registrador predeterminado en github.com/gin-gonic/gin anterior a v1.6.0 permite a atacantes remotos inyectar líneas de registro arbitrarias. A flaw was found in gin. This issue occurs when the default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path. • https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d https://github.com/gin-gonic/gin/pull/2237 https://pkg.go.dev/vuln/GO-2020-0001 https://access.redhat.com/security/cve/CVE-2020-36567 https://bugzilla.redhat.com/show_bug.cgi?id=2156683 • CWE-116: Improper Encoding or Escaping of Output CWE-117: Improper Output Neutralization for Logs •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-28483 – HTTP Response Splitting
https://notcve.org/view.php?id=CVE-2020-28483
This affects all versions of package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header. Esto afecta a todas las versiones del paquete github.com/gin-gonic/gin. Cuando gin se expone directamente a Internet, la IP de un cliente se puede falsificar configurando el encabezado X-Fordered-For • https://github.com/gin-gonic/gin/pull/2474%23issuecomment-729696437 https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGINGONICGIN-1041736 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •