Vulnerability Report: GO-2021-0052

CVE-2020-28483, GHSA-h395-qcrw-5vmq
Affects: github.com/gin-gonic/gin
Published: Apr 14, 2021
Modified: May 20, 2024

Due to improper HTTP header sanitization, a malicious user can spoof their source IP address by setting the X-Forwarded-For header. This may allow a user to bypass IP based restrictions, or obfuscate their true source.

Affected Packages

Path

Go Versions

Symbols
github.com/gin-gonic/gin

before v1.7.7
10 affected symbols

Aliases

CVE-2020-28483
GHSA-h395-qcrw-5vmq

References

https://github.com/gin-gonic/gin/issues/2862
https://github.com/gin-gonic/gin/issues/2473
https://github.com/gin-gonic/gin/issues/2232
https://github.com/gin-gonic/gin/pull/2844
https://github.com/gin-gonic/gin/commit/5929d521715610c9dd14898ebbe1d188d5de8937
https://github.com/gin-gonic/gin/pull/2632
https://github.com/gin-gonic/gin/commit/bfc8ca285eb46dad60e037d57c545cd260636711
https://github.com/gin-gonic/gin/pull/2675
https://github.com/gin-gonic/gin/commit/03e5e05ae089bc989f1ca41841f05504d29e3fd9
https://github.com/gin-gonic/gin/pull/2474
https://vuln.go.dev/ID/GO-2021-0052.json

Credits

@sorenisanerd

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL