Home > Vulnerability Database > CVE-2023-26125

Mend.io Vulnerability Database

CVE-2023-26125

Good to know:

Date: May 4, 2023

Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning. **Note:** Although this issue does not pose a significant threat on its own it can serve as an input vector for other more impactful vulnerabilities. However, successful exploitation may depend on the server configuration and whether the header is used in the application logic.

Language: Go

Severity Score

5.6

Related Resources (7)

Url: https://github.com/gin-gonic/gin/releases/tag/v1.9.0

Url: https://github.com/gin-gonic/gin

Url: https://github.com/gin-gonic/gin/pull/3500

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-26125

Url: https://github.com/t0rchwo0d/gin/commit/fd9f98e70fb4107ee68c783482d231d35e60507b

Url: https://github.com/gin-gonic/gin/pull/3503

Url: https://www.mend.io/vulnerability-database/CVE-2023-26125

Severity Score

5.6

Weakness Type (CWE)

Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version v1.9.0

Learn More

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2023-26125

Good to know:

Date: May 4, 2023

Language: Go

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?