packages:
  - module: github.com/gin-gonic/gin
    symbols:
      - Context.ClientIP
    versions:
      - fixed: 1.6.3-0.20210406033725-bfc8ca285eb4
description: |
  Due to improper HTTP header sanitization, a malicious user can spoof their
  source IP address by setting the X-Forwarded-For header. This may allow
  a user to bypass IP-based restrictions, or obfuscate their true source.
published: 2021-04-14T20:04:52Z
cves:
- CVE-2020-28483
ghsas:
- GHSA-h395-qcrw-5vmq
credit: '@sorenh'
links:
  pr: https://github.com/gin-gonic/gin/pull/2632
  commit: https://github.com/gin-gonic/gin/commit/bfc8ca285eb46dad60e037d57c545cd260636711
  context:
    - https://github.com/gin-gonic/gin/pull/2474