UBUNTU-CVE-2023-26125

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2023-26125

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-26125.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-26125

Related

CVE-2023-26125

Published

2023-05-04T05:15:00Z

Modified

2024-10-15T14:11:24Z

Severity

7.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator

Summary

[none]

Details

Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning. Note: Although this issue does not pose a significant threat on its own it can serve as an input vector for other more impactful vulnerabilities. However, successful exploitation may depend on the server configuration and whether the header is used in the application logic.

References

Affected packages

Ubuntu:Pro:18.04:LTS / golang-github-gin-gonic-gin

Package

Name: golang-github-gin-gonic-gin
Purl: pkg:deb/ubuntu/golang-github-gin-gonic-gin?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2+dfsg1-2

1.2+dfsg1-2ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / golang-github-gin-gonic-gin

Package

Name: golang-github-gin-gonic-gin
Purl: pkg:deb/ubuntu/golang-github-gin-gonic-gin?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.3.0+dfsg1-3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / golang-github-gin-gonic-gin

Package

Name: golang-github-gin-gonic-gin
Purl: pkg:deb/ubuntu/golang-github-gin-gonic-gin?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.6.3-4

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / golang-github-gin-gonic-gin

Package

Name: golang-github-gin-gonic-gin
Purl: pkg:deb/ubuntu/golang-github-gin-gonic-gin?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.8.1-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / golang-github-gin-gonic-gin

Package

Name: golang-github-gin-gonic-gin
Purl: pkg:deb/ubuntu/golang-github-gin-gonic-gin?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.8.1-1

1.8.1-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}