{"containers": {"cna": {"affected": [{"product": "github.com/gin-gonic/gin", "vendor": "n/a", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Soren L. Hansen"}], "datePublic": "2021-01-20T00:00:00", "descriptions": [{"lang": "en", "value": "This affects all versions of package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "HTTP Response Splitting", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-20T17:44:49", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGINGONICGIN-1041736"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/gin-gonic/gin/pull/2474%23issuecomment-729696437"}], "title": "HTTP Response Splitting", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "report@snyk.io", "DATE_PUBLIC": "2021-01-20T17:04:04.441209Z", "ID": "CVE-2020-28483", "STATE": "PUBLIC", "TITLE": "HTTP Response Splitting"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "github.com/gin-gonic/gin", "version": {"version_data": [{"version_affected": ">=", "version_value": "0"}]}}]}, "vendor_name": "n/a"}]}}, "credit": [{"lang": "eng", "value": "Soren L. Hansen"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "This affects all versions of package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "HTTP Response Splitting"}]}]}, "references": {"reference_data": [{"name": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGINGONICGIN-1041736", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGINGONICGIN-1041736"}, {"name": "https://github.com/gin-gonic/gin/pull/2474%23issuecomment-729696437", "refsource": "MISC", "url": "https://github.com/gin-gonic/gin/pull/2474%23issuecomment-729696437"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:40:59.359Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGINGONICGIN-1041736"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/gin-gonic/gin/pull/2474%23issuecomment-729696437"}]}]}, "cveMetadata": {"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2020-28483", "datePublished": "2021-01-20T17:46:29.476098Z", "dateReserved": "2020-11-12T00:00:00", "dateUpdated": "2024-09-16T17:28:31.192Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gin-gonic:gin:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE4CE6DB-2B9C-4C34-9DC3-4F298BAAD75B", "versionEndExcluding": "1.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "This affects all versions of package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header."}, {"lang": "es", "value": "Esto afecta a todas las versiones del paquete github.com/gin-gonic/gin. Cuando gin se expone directamente a Internet, la IP de un cliente se puede falsificar configurando el encabezado X-Fordered-For"}], "id": "CVE-2020-28483", "lastModified": "2024-11-21T05:22:53.263", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "report@snyk.io", "type": "Secondary"}]}, "published": "2021-01-20T18:15:12.517", "references": [{"source": "report@snyk.io", "tags": ["Broken Link"], "url": "https://github.com/gin-gonic/gin/pull/2474%23issuecomment-729696437"}, {"source": "report@snyk.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGINGONICGIN-1041736"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://github.com/gin-gonic/gin/pull/2474%23issuecomment-729696437"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGINGONICGIN-1041736"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-444"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "gin: HTTP response splitting", "id": "1927270", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927270"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", "status": "draft"}, "cwe": "CWE-444", "details": ["This affects all versions of package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header.", "A flaw was found in gin when exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header."], "name": "CVE-2020-28483", "package_state": [{"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Will not fix", "package_name": "gin", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}], "public_date": "2020-01-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-28483\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-28483\nhttps://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGINGONICGIN-1041736"], "statement": "Red Hat Advanced Cluster Management for Kubernetes (RHACM) 2.0 is affected by this flaw as it uses the gin framework within Hive component for provisioning. However, versions beginning with RHACM 2.1 are not affected as the gin framework is not being used.", "threat_severity": "Moderate"}