CVE-2020-36567

Published: 27 Dec 2022
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0 allows remote attackers to inject arbitrary log lines.

A flaw was found in gin. The default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path.
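The following Go sketch is an added example, not code from gin or from Red Hat. It shows why a path written verbatim into a line-oriented access log becomes two records, and how quoting the path keeps it to one. The log format, function names and sample path are constructed for illustration and use only the standard library.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Constructed sample: a request path carrying raw CR/LF followed by text
// shaped like a second access-log record (assumed, simplified format).
const craftedPath = "/ping\r\n[GIN] | 200 | GET     \"/admin\""

// unsafeLine mimics a formatter that writes the request path verbatim.
func unsafeLine(status int, method, path string) string {
	return fmt.Sprintf("[GIN] | %3d | %-7s %s\n", status, method, path)
}

// safeLine quotes the path: control characters are written as escape
// sequences and embedded double quotes are escaped, so the value cannot
// end the record or break out of its own quoting.
func safeLine(status int, method, path string) string {
	return fmt.Sprintf("[GIN] | %3d | %-7s %s\n", status, method, strconv.Quote(path))
}

// entries counts the records a line-oriented log reader would see.
func entries(out string) int {
	return len(strings.Split(strings.TrimRight(out, "\n"), "\n"))
}

// hasControl reports whether a path contains ASCII control characters,
// a cheap signal for alerting on or rejecting such requests.
func hasControl(path string) bool {
	return strings.IndexFunc(path, func(r rune) bool { return r < 0x20 || r == 0x7f }) >= 0
}

func main() {
	u := unsafeLine(404, "GET", craftedPath)
	s := safeLine(404, "GET", craftedPath)
	fmt.Printf("verbatim: %d records\n%s", entries(u), u)
	fmt.Printf("quoted:   %d record\n%s", entries(s), s)
	fmt.Println("control characters in path:", hasControl(craftedPath))
}
```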

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Custom Metric Autoscaler operator for Red Hat Openshift | custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8 | Not affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/logging-loki-rhel8 | Not affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/lokistack-gateway-rhel9 | Not affected | | |
| Migration Toolkit for Virtualization | migration-toolkit-virtualization/mtv-controller-rhel9 | Affected | | |
| Migration Toolkit for Virtualization | migration-toolkit-virtualization/mtv-must-gather-api-rhel8 | Affected | | |
| OpenShift Serverless | openshift-serverless-1/client-kn-rhel8 | Affected | | |
| OpenShift Serverless | openshift-serverless-1/ingress-rhel8-operator | Will not fix | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | acm-multicluster-globalhub-agent-container | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rbac-query-proxy-container | Will not fix | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/acm-grafana-rhel8 | Affected | | |

Additional information

Status: Moderate
Defect: CWE-117
https://bugzilla.redhat.com/show_bug.cgi?id=2156683 (gin: Unsanitized input in the default logger in github.com/gin-gonic/gin)

EPSS

Percentile: 40%
0.00184
Low

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 7.5
ubuntu
about 3 years ago

Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0 allows remote attackers to inject arbitrary log lines.

CVSS3: 7.5
nvd
about 3 years ago

Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0 allows remote attackers to inject arbitrary log lines.

CVSS3: 7.5
debian
about 3 years ago

Unsanitized input in the default logger in github.com/gin-gonic/gin be ...

CVSS3: 7.5
github
about 3 years ago

Gin's default logger allows unsanitized input that can allow remote attackers to inject arbitrary log lines