CVE-2020-28483

This affects all versions of package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header.

Published Byreport@snyk.io

Published DateJan 20, 2021, 18:15

Affected Versions(1)

github.com/gin-gonic/gin(Go)

Introduced0

Fixed1.7.7

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
github.com/gin-gonic/gin(Go)	0	1.7.7	N/A

Weakness Type (CWE):CWE-444

CVSS Metrics

Base Score

7.1

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

LOW

Availability (A)

NONE

References

Weakness Type (CWE):CWE-444

CVSS Metrics

Base Score

7.1

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

LOW

Availability (A)

NONE