GO-2020-0001

Source
https://vuln.go.dev/ID/GO-2020-0001.json
Aliases
  • CVE-2020-36567
Published
2021-04-14T20:04:52Z
Modified
2022-11-21T19:50:45Z
Details

The default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path.

References

Affected packages

Go / github.com/gin-gonic/gin

github.com/gin-gonic/gin

Affected ranges

Type
SEMVER
Events
Introduced
0
Fixed
1.6.0

Affected versions

Ecosystem specific

{
    "imports": [
        {
            "symbols": [
                "Default",
                "Logger",
                "LoggerWithConfig",
                "LoggerWithFormatter",
                "LoggerWithWriter"
            ],
            "path": "github.com/gin-gonic/gin"
        }
    ]
}

Database specific

{
    "url": "https://pkg.go.dev/vuln/GO-2020-0001"
}