HTTP Response Splitting in github.com/gin-gonic/gin

Do your applications use this vulnerable package? Test your applications

Overview

github.com/gin-gonic/gin is a package that implements a HTTP web framework called gin.

Affected versions of this package are vulnerable to HTTP Response Splitting. When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header.

Remediation

Upgrade github.com/gin-gonic/gin to version 1.7.0 or higher.

References

GitHub Commit
GitHub PR

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

Required
Scope

Unchanged
Confidentiality

High
Integrity

Low
Availability

None

Credit: Soren L. Hansen
CVE: CVE-2020-28483
CWE: CWE-113
Snyk ID: SNYK-GOLANG-GITHUBCOMGINGONICGIN-1041736
Disclosed: 19 Nov, 2020
Published: 20 Jan, 2021

HTTP Response Splitting
Affecting github.com/gin-gonic/gin package, versions <1.7.0

Overview

Remediation

References

CVSS Score

HTTP Response Splitting Affecting github.com/gin-gonic/gin package, versions <1.7.0

Overview

Remediation

References

HTTP Response Splitting
Affecting github.com/gin-gonic/gin package, versions <1.7.0