github.com/gin-gonic/gin
Go
5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/gin-gonic/gin
- CVE-2019-25211 | CRITICAL | CVSS 9.1 | EG 9.1 | ✓ Fixed in 1.6.0 | 2024-06-29
parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/* is allowed when the intention is that only https://example.com/* should be allowed, and ht…
- CVE-2020-28483 | HIGH | CVSS 7.1 | EG 7.1 | ✓ Fixed in 1.7.7 | 2021-01-20
This affects all versions of package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header.
- CVE-2020-36567 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 1.6.0 | 2022-12-27
Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0 allows remote attackers to inject arbitrary log lines.
- CVE-2023-26125 | MEDIUM | CVSS 5.6 | EG 5.6 | ✓ Fixed in 1.9.0 | 2023-05-04
Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning.…
- CVE-2023-29401 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 1.9.1 | 2023-06-08
The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-D…