Published: 20/01/2021 Updated: 11/05/2021

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.1 | Impact Score: 4.2 | Exploitability Score: 2.8

VMScore: 517

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

This affects all versions of package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gin-gonic gin

Debian Bug report logs - #988943 CVE-2020-28483 Package: src:golang-github-gin-gonic-gin; Maintainer for src:golang-github-gin-gonic-gin is Debian Go Packaging Team <team+pkg-go@trackerdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Fri, 21 May 2021 19:36:01 UTC Severity: important Tags: security ...

Golang SCA（Software Composition Analysis）通过分析你的go.mod文件，协助你发现，Golang项目的依赖库是否存在漏洞

功能 Golang 依赖库安全风险分析, 协助你快速发现 Golang依赖库的安全风险。原理： 1 从所有 gomod 文件中解析出你依赖的所有库名和版本号。 2 对获取到的库名和版本号进行去重。 3 从缓存中查询（缓存72小时自动过期），是否已经有查询结果，有的话从缓存中取出。 4 缓存中没有的�

一些关于go代码安全漏洞的整理

持续更新！！！ sql注入 sql注入 ssrf ssrf xml注入 xml注入 xss xss 代码注入代码注入(cve-2018-6574) 命令执行命令执行文件上传文件上传 gitea条件竞争，任意文件写入文件读取_下载文件读取_下载 gitea路径穿越漏洞 grafana任意文件读取未授权访问 Gitea140未授权访问 CVE-2021-45232-Apache-APISIX-Dashboa

CWE-444 https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGINGONICGIN-1041736 https://github.com/gin-gonic/gin/pull/2474%23issuecomment-729696437 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988943 https://nvd.nist.gov https://github.com/fdl66/Golang_SCA

CVE-2020-28483

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect