CVE-2020-36567

CVSS V2 None CVSS V3 None
Description
Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0 allows remote attackers to inject arbitrary log lines.
Overview
  • CVE ID
  • CVE-2020-36567
  • Assigner
  • security@golang.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-12-27T21:15:10
  • Last Modified Date
  • 2023-01-06T14:38:33
Weakness Enumerations
CWE URL
CWE-116 http://cwe.mitre.org/data/definitions/116.html
CWE-117 http://cwe.mitre.org/data/definitions/117.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:gin-gonic:gin:*:*:*:*:*:*:*:* 1 OR 1.6.0
References
Reference URL Reference Tags
https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d
https://github.com/gin-gonic/gin/pull/2237
https://pkg.go.dev/vuln/GO-2020-0001
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2020-36567
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36567
History
Created Old Value New Value Data Type Notes
2022-12-27 22:15:09 Added to TrackCVE
2022-12-27 22:15:10 Weakness Enumeration new
2022-12-28 12:14:45 2022-12-28T10:18:56 CVE Modified Date updated
2022-12-28 12:14:45 Received Awaiting Analysis Vulnerability Status updated
2023-01-04 16:17:12 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-01-06 15:17:44 2023-01-06T14:38:33 CVE Modified Date updated
2023-01-06 15:17:44 Undergoing Analysis Analyzed Vulnerability Status updated
2023-01-06 15:17:45 Weakness Enumeration update
2023-01-06 15:17:46 CPE Information updated