mikeee / demo_gin-csrf
Quick test of an example for a Gin middleware that helps prevent CSRF attacks
License: MIT License
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
This repository currently has no open or pending branches.
.github/workflows/go.yml
actions/checkout v4@b4ffde65f46336ab88eb53be808477a3936bae11
actions/setup-go v4
go.mod
go 1.19
github.com/gin-contrib/sessions v0.0.5
github.com/gin-gonic/gin v1.9.1
github.com/stretchr/testify v1.8.4
github.com/utrack/gin-csrf v0.0.0-20190424104817-40fb8d2c8fca@40fb8d2c8fca
Library home page: https://proxy.golang.org/github.com/gin-gonic/gin/@v/v1.9.0.zip
CVE | Severity | CVSS | Dependency | Type | Fixed in (github.com/gin-gonic/gin-v1.9.0 version) | Remediation Available
---|---|---|---|---|---|---
CVE-2023-29401 | High | 7.5 | github.com/gin-gonic/gin-v1.9.0 | Direct | N/A | ❌
Found in base branch: master
In the Gin Web Framework, the filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of "setup.bat";x=.txt" will be sent as a file named "setup.bat". If the FileAttachment function is called with names provided by an untrusted source, this may permit an attacker to cause a file to be served with a name different from the one provided. In short, a maliciously crafted attachment file name can modify the Content-Disposition header.
Publish Date: 2023-04-05
URL: CVE-2023-29401
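The sanitization the advisory calls for, as an added example in Go (not code from this repository or from Gin itself): the untrusted filename is either placed in a quoted-string with quotes and backslashes escaped, or, when it carries non-ASCII or control bytes, percent-encoded into an RFC 5987 filename* parameter, so the crafted name from the advisory can no longer close the parameter early. ContentDisposition and its helpers are hypothetical names, and the inputs in main are constructed.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// isPrintableASCII reports whether s contains only printable ASCII bytes,
// so CR, LF and other control characters are routed to the encoded form.
func isPrintableASCII(s string) bool {
	for i := 0; i < len(s); i++ {
		if s[i] < 0x20 || s[i] > 0x7e {
			return false
		}
	}
	return true
}

// escapeQuotes escapes backslashes and double quotes so the value cannot
// terminate the quoted-string early (the flaw described in the advisory).
func escapeQuotes(s string) string {
	return strings.NewReplacer(`\`, `\\`, `"`, `\"`).Replace(s)
}

// ContentDisposition builds an "attachment" Content-Disposition value from an
// untrusted filename (hypothetical helper, not Gin's FileAttachment).
func ContentDisposition(filename string) string {
	if isPrintableASCII(filename) {
		return `attachment; filename="` + escapeQuotes(filename) + `"`
	}
	// Non-ASCII or control bytes: percent-encode (url.PathEscape) into an
	// RFC 5987 filename* parameter; ';', '"' and control bytes are all encoded.
	return `attachment; filename*=UTF-8''` + url.PathEscape(filename)
}

func main() {
	// Constructed inputs; the first is the crafted name quoted in the advisory.
	for _, name := range []string{`setup.bat";x=.txt`, "report.pdf", "résumé.pdf", "bad\r\nname.txt"} {
		fmt.Printf("%q -> %s\n", name, ContentDisposition(name))
	}
}
```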