Source: golang-github-gin-gonic-gin
Version: 1.8.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for golang-github-gin-gonic-gin.

CVE-2023-26125[0]:
| Versions of the package github.com/gin-gonic/gin before 1.9.0 are
| vulnerable to Improper Input Validation by allowing an attacker to use
| a specially crafted request via the X-Forwarded-Prefix header,
| potentially leading to cache poisoning. **Note:** Although this issue
| does not pose a significant threat on its own it can serve as an input
| vector for other more impactful vulnerabilities. However, successful
| exploitation may depend on the server configuration and whether the
| header is used in the application logic.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-26125
    https://www.cve.org/CVERecord?id=CVE-2023-26125
[1] https://github.com/gin-gonic/gin/pull/3500
[2] https://github.com/gin-gonic/gin/pull/3503
[3] 
https://github.com/gin-gonic/gin/commit/81ac7d55a09e34013225db0aeac6e70c1ae68928

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Reply via email to