Vulnerability Report: GO-2020-0001
- CVE-2020-36567, GHSA-6vm3-jj99-7229
- Affects: github.com/gin-gonic/gin
- Published: Apr 14, 2021
- Modified: Jun 12, 2023
The default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path.
Affected Packages
-
PathVersionsSymbols
-
before v1.6.0
5 affected symbols
Aliases
References
- https://github.com/gin-gonic/gin/pull/2237
- https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d
- https://vuln.go.dev/ID/GO-2020-0001.json
Credits
- @thinkerou <thinkerou@gmail.com>
Feedback
See anything missing or incorrect?
Suggest an edit to this report.