1. Home
  2. CVE Database
  3. CVE-2023-26125
MEDIUM · 5.6

CVE-2023-26125

Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, ...

Vulnerability Description

Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning. **Note:** Although this issue does not pose a significant threat on its own it can serve as an input vector for other more impactful vulnerabilities. However, successful exploitation may depend on the server configuration and whether the header is used in the application logic.

CVSS Score

5.6

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW

Affected Products

VendorProductVersions
Gin-GonicGin< 1.9.0

Related Weaknesses (CWE)

CWE-20CWE-77

References

FAQ

What is CVE-2023-26125?

CVE-2023-26125 is a vulnerability with a CVSS score of 5.6 (MEDIUM). Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, ...

How severe is CVE-2023-26125?

CVE-2023-26125 has been rated MEDIUM with a CVSS base score of 5.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-26125?

Check the references section above for vendor advisories and patch information. Affected products include: Gin-Gonic Gin.