CVE-2023-26125

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-26125
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-26125.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-26125
Aliases
Downstream
Published
2023-05-04T05:15:09Z
Modified
2025-10-16T05:44:25.363596Z
Severity
  • 7.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
Summary
[none]
Details

Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning.

Note: Although this issue does not pose a significant threat on its own it can serve as an input vector for other more impactful vulnerabilities. However, successful exploitation may depend on the server configuration and whether the header is used in the application logic.

References

Affected packages

Git / github.com/gin-gonic/gin

Affected ranges

Type
GIT
Repo
https://github.com/gin-gonic/gin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
ea03e10384502e1baf6f560a2b0ea32c342ede5b
Type
GIT
Repo
https://github.com/t0rchwo0d/gin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
fd9f98e70fb4107ee68c783482d231d35e60507b

Affected versions

v0.*

v0.1
v0.2b
v0.3
v0.4
v0.5
v0.6

v1.*

v1.0
v1.0-rc.2
v1.0rc1
v1.1
v1.1.1
v1.1.2
v1.1.3
v1.1.4
v1.2
v1.3.0
v1.4.0
v1.5.0
v1.6.0
v1.6.1
v1.6.2
v1.7.0
v1.7.1
v1.8.0
v1.8.1