Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-26125: Fix #3500 Add escape logic for header · t0rchwo0d/gin@fd9f98e

Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning. Note: Although this issue does not pose a significant threat on its own it can serve as an input vector for other more impactful vulnerabilities. However, successful exploitation may depend on the server configuration and whether the header is used in the application logic.

CVE
#vulnerability#git

Expand Up @@ -186,15 +186,19 @@ func TestRouteRedirectTrailingSlash(t *testing.T) { assert.Equal(t, 200, w.Code)
w = PerformRequest(router, http.MethodGet, "/path/", header{Key: "X-Forwarded-Prefix", Value: "…/…/bug#?"}) assert.Equal(t, "…/…/…/bug%2523%253F/path", w.Header().Get(“Location”)) assert.Equal(t, "//bug//path", w.Header().Get(“Location”)) assert.Equal(t, 301, w.Code)
w = PerformRequest(router, http.MethodGet, "/path/", header{Key: "X-Forwarded-Prefix", Value: "https://gin-gonic.com/#"}) assert.Equal(t, "https%3A/gin-gonic.com/%23/https%253A/gin-gonic.com/%2523/path", w.Header().Get(“Location”)) assert.Equal(t, "https/gin-goniccom/https/gin-goniccom/path", w.Header().Get(“Location”)) assert.Equal(t, 301, w.Code)
w = PerformRequest(router, http.MethodGet, "/path/", header{Key: "X-Forwarded-Prefix", Value: "#bug"}) assert.Equal(t, "%23bug/%2523bug/path", w.Header().Get(“Location”)) assert.Equal(t, "bug/bug/path", w.Header().Get(“Location”)) assert.Equal(t, 301, w.Code)
w = PerformRequest(router, http.MethodGet, "/path/", header{Key: "X-Forwarded-Prefix", Value: "/nor-mal/#?a=1"}) assert.Equal(t, "/nor-mal/a1/path", w.Header().Get(“Location”)) assert.Equal(t, 301, w.Code)
router.RedirectTrailingSlash = false Expand Down

Related news

Red Hat Security Advisory 2024-8688-03

Red Hat Security Advisory 2024-8688-03 - Red Hat OpenShift Container Platform release 4.13.53 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-4627-01

Red Hat Security Advisory 2023-4627-01 - Migration Toolkit for Applications 6.2.0 Images. Issues addressed include a denial of service vulnerability.

RHSA-2023:4627: Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update

Migration Toolkit for Applications 6.2.0 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46877: A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization. * CVE-2022-4492: A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a...

Red Hat Security Advisory 2023-4293-01

Red Hat Security Advisory 2023-4293-01 - The Migration Toolkit for Containers (MTC) 1.7.11 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate.

RHSA-2023:4293: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.11 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.11 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. * CVE-2023-24539: A flaw was found in golang where angle brackets (<>) were not considered dangerous characters when inserted into CSS contexts. Tem...

GHSA-3vp4-m3rf-835h: Improper input validation in github.com/gin-gonic/gin

Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning. **Note:** Although this issue does not pose a significant threat on its own it can serve as an input vector for other more impactful vulnerabilities. However, successful exploitation may depend on the server configuration and whether the header is used in the application logic.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907