New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

同学，您这个项目引入了53个开源组件，存在1个漏洞，辛苦升级一下 #32

Closed

ghost opened this issue Mar 12, 2022 · 2 comments

ghost commented Mar 12, 2022

检测到 cshum/imagor 一共引入了53个开源组件，存在1个漏洞

漏洞标题：Gin-Gonic Gin 环境问题漏洞
缺陷组件：github.com/gin-gonic/gin@v1.5.0
漏洞编号：CVE-2020-28483
漏洞描述：Gin-Gonic Gin是Gin-Gonic团队的一个基于Go语言的用于快速构建Web应用的框架。
github.com/gin-gonic/gin 全部版本存在安全漏洞，该漏洞源于可以通过设置X-Forwarded-For头来欺骗客户端的IP。
影响范围：(∞, 1.7.7)
最小修复版本：1.7.7
缺陷组件引入路径：github.com/cshum/imagor@->github.com/gin-gonic/gin@v1.5.0

另外还有几个漏洞，详细报告：https://mofeisec.com/jr?p=ab77bc

The text was updated successfully, but these errors were encountered:

Owner

cshum commented Mar 12, 2022

gin is not used in our project. It may have been referenced by other libraries and it has never been imported directly nor indirectly https://github.com/cshum/imagor/blob/master/go.mod

cshum closed this as completed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment