blob: 58573feb4c64ad00eb810348fed50ad56c986813 [file] [log] [blame]
id: GO-2021-0052
modules:
- module: github.com/gin-gonic/gin
versions:
- fixed: 1.7.7
vulnerable_at: 1.7.6
packages:
- package: github.com/gin-gonic/gin
symbols:
- Context.ClientIP
- Context.RemoteIP
derived_symbols:
- Context.Next
- Engine.HandleContext
- Engine.Run
- Engine.RunFd
- Engine.RunListener
- Engine.RunTLS
- Engine.RunUnix
- Engine.ServeHTTP
summary: Inconsistent interpretation of HTTP Requests in github.com/gin-gonic/gin
description: |-
Due to improper HTTP header sanitization, a malicious user can spoof their
source IP address by setting the X-Forwarded-For header. This may allow a user
to bypass IP based restrictions, or obfuscate their true source.
published: 2021-04-14T20:04:52Z
cves:
- CVE-2020-28483
ghsas:
- GHSA-h395-qcrw-5vmq
credits:
- '@sorenisanerd'
references:
- report: https://github.com/gin-gonic/gin/issues/2862
- report: https://github.com/gin-gonic/gin/issues/2473
- report: https://github.com/gin-gonic/gin/issues/2232
- fix: https://github.com/gin-gonic/gin/pull/2844
- fix: https://github.com/gin-gonic/gin/commit/5929d521715610c9dd14898ebbe1d188d5de8937
- fix: https://github.com/gin-gonic/gin/pull/2632
- fix: https://github.com/gin-gonic/gin/commit/bfc8ca285eb46dad60e037d57c545cd260636711
- fix: https://github.com/gin-gonic/gin/pull/2675
- fix: https://github.com/gin-gonic/gin/commit/03e5e05ae089bc989f1ca41841f05504d29e3fd9
- web: https://github.com/gin-gonic/gin/pull/2474
review_status: REVIEWED