This repository has been archived by the owner on Oct 12, 2023. It is now read-only.

github.com/gin-gonic/gin dependency security warning #256

Closed
serbrech opened this issue Sep 27, 2021 · 2 comments · Fixed by #269

Comments

@serbrech
Member

1 github.com/gin-gonic/gin vulnerability found in go.sum 3 days ago
Remediation
Upgrade github.com/gin-gonic/gin to version 1.7.0 or later. For example:

require github.com/gin-gonic/gin v1.7.0
Always verify the validity and compatibility of suggestions with your codebase.

Details

CVE-2020-28483
high severity
Vulnerable versions: < 1.7.0
Patched version: 1.7.0
This affects all versions of package github.com/gin-gonic/gin under 1.7.0. When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header.

go mod why github.com/gin-gonic/gin :

github.com/Azure/azure-service-bus-go
nhooyr.io/websocket
nhooyr.io/websocket.test
github.com/gin-gonic/gin
@serbrech
Member Author

coder/websocket#297

@jhendrixMSFT
Member

jhendrixMSFT commented Nov 16, 2021

Fixed in v0.11.5
