CVE-2020-28483
frankyhun opened this issue
Gábor Frank commented
The used version of github.com/gin-gonic/gin, v1.6.3, is vulnerable to CVE-2020-28483.
name: Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)
message: Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) in github.com/gin-gonic/gin
description: When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header.
solution: Upgrade to version 1.7.0 or above.
CVE-2020-28483: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28483