GO-2020-0001

Source
https://pkg.go.dev/vuln/GO-2020-0001
Import Source
https://vuln.go.dev/ID/GO-2020-0001.json
Aliases
Published
2021-04-14T20:04:52Z
Modified
2023-11-08T04:03:47.851512Z
Details

The default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path.

References

Affected packages

Go / github.com/gin-gonic/gin

Affected ranges

Type
SEMVER
Events
Introduced
0The exact introduced commit is unknown
Fixed
1.6.0

Ecosystem specific

{
    "imports": [
        {
            "path": "github.com/gin-gonic/gin",
            "symbols": [
                "Default",
                "Logger",
                "LoggerWithConfig",
                "LoggerWithFormatter",
                "LoggerWithWriter"
            ]
        }
    ]
}