GO-2020-0001

Source

https://pkg.go.dev/vuln/GO-2020-0001

Import Source

https://vuln.go.dev/ID/GO-2020-0001.json

Aliases

CVE-2020-36567
GHSA-6vm3-jj99-7229

Published

2021-04-14T20:04:52Z

Modified

2023-11-08T04:03:47.851512Z

Details

The default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path.

References

https://github.com/gin-gonic/gin/pull/2237
https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d

Affected packages

Go / github.com/gin-gonic/gin

Package

Name: github.com/gin-gonic/gin

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.6.0

Ecosystem specific

{
    "imports": [
        {
            "path": "github.com/gin-gonic/gin",
            "symbols": [
                "Default",
                "Logger",
                "LoggerWithConfig",
                "LoggerWithFormatter",
                "LoggerWithWriter"
            ]
        }
    ]
}