#VU72755 Input validation error in Gin


Published: 2023-03-03

Vulnerability identifier: #VU72755

Vulnerability risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-36567

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Gin
Web applications / CMS

Vendor: Gin-Gonic

Description

The vulnerability allows a remote attacker to manipulate information in the log files.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can inject arbitrary log lines.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Gin: 0.1 - 1.5.0

External links
http://pkg.go.dev/vuln/GO-2020-0001
http://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d
http://github.com/gin-gonic/gin/pull/2237

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Migration Toolkit for Containers (MTC)
Multiple vulnerabilities in Red Hat Migration Toolkit for Applications
Log data manipulation in Gin