awslabs / aws-lambda-go-api-proxy

lambda-go-api-proxy makes it easy to port APIs written with Go frameworks such as Gin (https://gin-gonic.github.io/gin/) to AWS Lambda and Amazon API Gateway.

CVE-2020-28483

frankyhun opened this issue

The used version of github.com/gin-gonic/gin, v1.6.3, is vulnerable to CVE-2020-28483.

name: Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)
message: Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) in github.com/gin-gonic/gin
description: When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header.

solution: Upgrade to version 1.7.0 or above.

CVE-2020-28483: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28483
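The spoofing described in the report, as an added standard-library Go example (not code from gin or from aws-lambda-go-api-proxy): a resolver that believes X-Forwarded-For from any peer, next to one that reads it only when the TCP peer is a trusted proxy. The function names, the 10.0.0.0/8 trusted range and the sample addresses are constructed for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

// naiveClientIP returns the first X-Forwarded-For entry, whoever sent it (spoofable).
func naiveClientIP(r *http.Request) string {
	return strings.TrimSpace(strings.Split(r.Header.Get("X-Forwarded-For"), ",")[0])
}

// trustedClientIP reads the header only when the TCP peer is a trusted proxy,
// then walks it right to left to the first hop that is not a trusted proxy.
func trustedClientIP(r *http.Request, trusted []*net.IPNet) string {
	host, _, _ := net.SplitHostPort(r.RemoteAddr) // net/http servers always set host:port
	if peer := net.ParseIP(host); peer == nil || !inAny(peer, trusted) {
		return host // direct connection: the header is client-controlled
	}
	hops := strings.Split(strings.Join(r.Header.Values("X-Forwarded-For"), ","), ",")
	for i := len(hops) - 1; i >= 0; i-- {
		ip := net.ParseIP(strings.TrimSpace(hops[i]))
		if ip == nil {
			break // malformed entry: nothing further left is reliable
		}
		if !inAny(ip, trusted) {
			return ip.String()
		}
	}
	return host
}

// inAny reports whether ip falls inside any of the given networks.
func inAny(ip net.IP, nets []*net.IPNet) bool {
	for _, n := range nets {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

func main() {
	_, lan, _ := net.ParseCIDR("10.0.0.0/8") // constructed trusted proxy range
	r := &http.Request{RemoteAddr: "203.0.113.7:40000", Header: http.Header{"X-Forwarded-For": {"127.0.0.1"}}}
	fmt.Println(naiveClientIP(r), trustedClientIP(r, []*net.IPNet{lan}))
}
```

For the constructed direct request, the naive resolver reports the client-chosen 127.0.0.1 while the proxy-aware one reports the real peer, 203.0.113.7.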