Veracode Vulnerability Database, VERACODE:40459
History: May 10, 2023 - 4:23 a.m.

Cache Poisoning

sca.analysiscenter.veracode.com
Tags: cache poisoning, github.com/gin-gonic/gin, redirecttrailingslash, special characters, header, x-forwarded-prefix, vulnerability, software

EPSS: 0.001 (Low), percentile 38.7%

github.com/gin-gonic/gin is vulnerable to Cache Poisoning. The vulnerability exists in the redirectTrailingSlash function of gin.go as it does not properly escape special characters in the header, which allows an attacker to inject a malicious payload via the X-Forwarded-Prefix header.
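The defect class described above, shown as an added example that is not gin's own code: a trailing-slash redirect target built from an unescaped X-Forwarded-Prefix value, next to a hardened variant. The function names, the allow-list policy and the sample header value are assumptions of this example.

```go
package main

import (
	"fmt"
	"path"
	"regexp"
	"strings"
)

// Example policy (an assumption): a forwarded prefix may contain only
// letters, digits, '/' and '-', and must be an absolute path.
var (
	disallowed    = regexp.MustCompile(`[^a-zA-Z0-9/-]+`)
	repeatedSlash = regexp.MustCompile(`/{2,}`)
)

// join appends reqPath to prefix and toggles the trailing slash,
// which is what a trailing-slash redirect puts in Location.
func join(prefix, reqPath string) string {
	p := strings.TrimRight(prefix, "/") + "/" + strings.TrimLeft(reqPath, "/")
	if strings.HasSuffix(p, "/") {
		if t := strings.TrimRight(p, "/"); t != "" {
			return t
		}
		return "/"
	}
	return p + "/"
}

// naiveRedirectTarget copies the header value into the target unescaped.
func naiveRedirectTarget(header, reqPath string) string {
	prefix := path.Clean(header)
	if prefix == "." { // path.Clean("") returns "."
		prefix = ""
	}
	return join(prefix, reqPath)
}

// hardenedRedirectTarget strips disallowed characters, collapses repeated
// slashes and ignores any prefix that is not an absolute path.
func hardenedRedirectTarget(header, reqPath string) string {
	prefix := disallowed.ReplaceAllString(path.Clean(header), "")
	prefix = repeatedSlash.ReplaceAllString(prefix, "/")
	if !strings.HasPrefix(prefix, "/") {
		prefix = ""
	}
	return join(prefix, reqPath)
}

func main() {
	h := `/app"<x>;?q=1` // constructed header value with special characters
	fmt.Println(naiveRedirectTarget(h, "/users"))
	fmt.Println(hardenedRedirectTarget(h, "/users"))
}
```

Because a shared cache may store the redirect under a key that ignores X-Forwarded-Prefix, the naive target can be served to later clients that never sent the header.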
