reports/GO-2020-0001.yaml - vulndb - Git at Google

 module: github.com/gin-gonic/gin
 versions:
   - fixed: v1.6.0
 description: |
   The default Formatter for the Logger middleware (LoggerConfig.Formatter),
   which is included in the Default engine, allows attackers to inject arbitrary
   log entries by manipulating the request path.
 credit: "@thinkerou <thinkerou@gmail.com>"
 symbols:
   - defaultLogFormatter
 links:
   pr: https://github.com/gin-gonic/gin/pull/2237
   commit: https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d
 cve_metadata:
   id: CVE-9999-0001
   cwe: "CWE-20: Improper Input Validation"
   description: |
     Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0
     allows remote attackers to inject arbitrary log lines.
	module: github.com/gin-gonic/gin
	versions:
	- fixed: v1.6.0
	description: \|
	The default Formatter for the Logger middleware (LoggerConfig.Formatter),
	which is included in the Default engine, allows attackers to inject arbitrary
	log entries by manipulating the request path.
	credit: "@thinkerou <thinkerou@gmail.com>"
	symbols:
	- defaultLogFormatter
	links:
	pr: https://github.com/gin-gonic/gin/pull/2237
	commit: https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d
	cve_metadata:
	id: CVE-9999-0001
	cwe: "CWE-20: Improper Input Validation"
	description: \|
	Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0
	allows remote attackers to inject arbitrary log lines.