reports/GO-2020-0001.yaml - vulndb - Git at Google

 packages:
   - module: github.com/gin-gonic/gin
     symbols:
       - defaultLogFormatter
     versions:
       - fixed: 1.6.0
 description: |
     The default Formatter for the Logger middleware (LoggerConfig.Formatter),
     which is included in the Default engine, allows attackers to inject arbitrary
     log entries by manipulating the request path.
 published: 2021-04-14T20:04:52Z
 credit: '@thinkerou <thinkerou@gmail.com>'
 links:
     pr: https://github.com/gin-gonic/gin/pull/2237
     commit: https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d
 cve_metadata:
     id: CVE-2020-36567
     cwe: "CWE-117 Improper Output Neutralization for Logs"
     description: |
         Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0
         allows remote attackers to inject arbitrary log lines.
	packages:
	- module: github.com/gin-gonic/gin
	symbols:
	- defaultLogFormatter
	versions:
	- fixed: 1.6.0
	description: \|
	The default Formatter for the Logger middleware (LoggerConfig.Formatter),
	which is included in the Default engine, allows attackers to inject arbitrary
	log entries by manipulating the request path.
	published: 2021-04-14T20:04:52Z
	credit: '@thinkerou <thinkerou@gmail.com>'
	links:
	pr: https://github.com/gin-gonic/gin/pull/2237
	commit: https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d
	cve_metadata:
	id: CVE-2020-36567
	cwe: "CWE-117 Improper Output Neutralization for Logs"
	description: \|
	Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0
	allows remote attackers to inject arbitrary log lines.