aureleoules / epitaf

📚 homework manager for EPITA

Home Page: https://www.epitaf.fr

Insecure dependencies: CVE-2020-28483, CVE-2020-29652, CVE-2021-43565, CVE-2022-27191

go-compile opened this issue

CVE-2020-28483

[Component] github.com/gin-gonic/gin
[Vector] A malicious user can spoof their source IP address by setting the X-Forwarded-For header
[Severity] 7.1 High
[CWE] HTTP Request/Response Smuggling

Implicated code:

if err := r.Run(); err != nil {

Additional vulnerabilities in indirect packages

[Impact] LOW

These packages are not directly used in Epitaf but are used by its dependencies. I do not believe these vulnerabilities are exploitable in Epitaf, but it is still recommended to upgrade them regardless.

golang.org/x/crypto/ssh

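The X-Forwarded-For vector reported above, as an added example using only the Go standard library (not code from Epitaf or gin): a client-IP resolver that reads the header only when the direct TCP peer is a trusted proxy. The helper names `inAny` and `ClientIP`, the proxy range 10.0.0.0/8 and all sample addresses are constructed for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

// inAny reports whether ip falls inside one of the given networks.
func inAny(ip net.IP, nets []*net.IPNet) bool {
	for _, n := range nets {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// ClientIP (hypothetical helper): X-Forwarded-For is client-controlled, so it is
// read only behind a trusted proxy, then walked right to left past trusted hops.
func ClientIP(r *http.Request, trusted []*net.IPNet) string {
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		host = r.RemoteAddr
	}
	peer := net.ParseIP(host)
	if peer == nil || !inAny(peer, trusted) {
		return host // direct connection: ignore the header entirely
	}
	hops := strings.Split(strings.Join(r.Header.Values("X-Forwarded-For"), ","), ",")
	client := peer
	for i := len(hops) - 1; i >= 0 && inAny(client, trusted); i-- {
		ip := net.ParseIP(strings.TrimSpace(hops[i]))
		if ip == nil {
			break // malformed entry: keep the last verified hop
		}
		client = ip // stops once this hop is not a trusted proxy
	}
	return client.String()
}

func main() {
	_, proxies, _ := net.ParseCIDR("10.0.0.0/8") // constructed proxy range
	r, _ := http.NewRequest("GET", "http://example.test/", nil)
	r.Header.Set("X-Forwarded-For", "1.2.3.4, 203.0.113.7") // constructed values
	r.RemoteAddr = "198.51.100.9:4711"                      // direct peer, not a proxy
	fmt.Println(ClientIP(r, []*net.IPNet{proxies}))
}
```

With the peer set to an address inside the trusted range, the same request resolves to the rightmost untrusted hop rather than the leftmost, client-supplied entry.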