GO-2020-0001

Source

https://storage.googleapis.com/go-vulndb/ID/GO-2020-0001.json

Aliases

CVE-2020-36567

Published

2021-04-14T20:04:52Z

Modified

2022-08-19T22:21:47Z

Details

The default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path.

References

https://github.com/gin-gonic/gin/pull/2237
https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36567

Affected packages

Go / github.com/gin-gonic/gin

github.com/gin-gonic/gin

Affected ranges

Type: SEMVER
Events: Introduced

0

Fixed

1.6.0

Affected versions

Ecosystem specific

{
    "imports": [
        {
            "symbols": [
                "defaultLogFormatter"
            ],
            "path": "github.com/gin-gonic/gin"
        }
    ]
}

Database specific

{
    "url": "https://pkg.go.dev/vuln/GO-2020-0001"
}