| CVE-2019-25211 | unknown | — | — | | | | 2y ago | parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/* is allowed when the intention is that only https:/… |
| CVE-2023-29401 | unknown | — | — | | | | 3y ago | The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename… |
| CVE-2023-26125 | unknown | — | — | | | | 3y ago | Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header,… |
| CVE-2020-36567 | unknown | — | — | | | | 4y ago | Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0 allows remote attackers to inject arbitrary log lines. |
| CVE-2020-28483 | unknown | — | — | | | | 5y ago | This affects all versions of package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header. |