Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning. **Note:** Although this issue does not pose a significant threat on its own it can serve as an input vector for other more impactful vulnerabilities. However, successful exploitation may depend on the server configuration and whether the header is used in the application logic.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
输入验证不恰当
Vulnerability Title
Gin-Gonic Gin 输入验证错误漏洞
Vulnerability Description
Gin-Gonic Gin是Gin-Gonic团队的一个基于Go语言的用于快速构建Web应用的框架。 Gin-Gonic Gin 1.9.0 之前版本存在安全漏洞,该漏洞源于容易受到不正确的输入验证的影响,攻击者利用该漏洞可以通过 X-Forwarded-Prefix 标头使用特制请求,从而可能导致缓存中毒。
CVSS Information
N/A
Vulnerability Type
N/A