{"schema_version":"1.3.1","id":"GO-2021-0052","modified":"2024-05-20T16:03:47Z","published":"2021-04-14T20:04:52Z","aliases":["CVE-2020-28483","GHSA-h395-qcrw-5vmq"],"summary":"Inconsistent interpretation of HTTP Requests in github.com/gin-gonic/gin","details":"Due to improper HTTP header sanitization, a malicious user can spoof their source IP address by setting the X-Forwarded-For header. This may allow a user to bypass IP based restrictions, or obfuscate their true source.","affected":[{"package":{"name":"github.com/gin-gonic/gin","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.7.7"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/gin-gonic/gin","symbols":["Context.ClientIP","Context.Next","Context.RemoteIP","Engine.HandleContext","Engine.Run","Engine.RunFd","Engine.RunListener","Engine.RunTLS","Engine.RunUnix","Engine.ServeHTTP"]}]}}],"references":[{"type":"REPORT","url":"https://github.com/gin-gonic/gin/issues/2862"},{"type":"REPORT","url":"https://github.com/gin-gonic/gin/issues/2473"},{"type":"REPORT","url":"https://github.com/gin-gonic/gin/issues/2232"},{"type":"FIX","url":"https://github.com/gin-gonic/gin/pull/2844"},{"type":"FIX","url":"https://github.com/gin-gonic/gin/commit/5929d521715610c9dd14898ebbe1d188d5de8937"},{"type":"FIX","url":"https://github.com/gin-gonic/gin/pull/2632"},{"type":"FIX","url":"https://github.com/gin-gonic/gin/commit/bfc8ca285eb46dad60e037d57c545cd260636711"},{"type":"FIX","url":"https://github.com/gin-gonic/gin/pull/2675"},{"type":"FIX","url":"https://github.com/gin-gonic/gin/commit/03e5e05ae089bc989f1ca41841f05504d29e3fd9"},{"type":"WEB","url":"https://github.com/gin-gonic/gin/pull/2474"}],"credits":[{"name":"@sorenisanerd"}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2021-0052","review_status":"REVIEWED"}}