High severity · NVD Advisory · Published Jan 20, 2021 · Updated Sep 16, 2024
HTTP Response Splitting
CVE-2020-28483
Description
This affects all versions of package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/gin-gonic/gin (Go) | < 1.7.7 | 1.7.7 |
Affected products
- github.com/gin-gonic/gin
References
- github.com/advisories/GHSA-h395-qcrw-5vmq (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2020-28483 (ghsa, ADVISORY)
- github.com/gin-gonic/gin/commit/03e5e05ae089bc989f1ca41841f05504d29e3fd9 (ghsa, WEB)
- github.com/gin-gonic/gin/commit/5929d521715610c9dd14898ebbe1d188d5de8937 (ghsa, WEB)
- github.com/gin-gonic/gin/commit/bfc8ca285eb46dad60e037d57c545cd260636711 (ghsa, WEB)
- github.com/gin-gonic/gin/issues/2232 (ghsa, WEB)
- github.com/gin-gonic/gin/issues/2473 (ghsa, WEB)
- github.com/gin-gonic/gin/issues/2862 (ghsa, WEB)
- github.com/gin-gonic/gin/pull/2474 (ghsa, WEB)
- github.com/gin-gonic/gin/pull/2474%23issuecomment-729696437 (mitre, x_refsource_MISC)
- github.com/gin-gonic/gin/pull/2632 (ghsa, WEB)
- github.com/gin-gonic/gin/pull/2675 (ghsa, WEB)
- github.com/gin-gonic/gin/pull/2844 (ghsa, WEB)
- github.com/gin-gonic/gin/pull/2844/files (ghsa, WEB)
- github.com/gin-gonic/gin/releases/tag/v1.7.0 (ghsa, WEB)
- github.com/gin-gonic/gin/releases/tag/v1.7.7 (ghsa, WEB)
- pkg.go.dev/vuln/GO-2021-0052 (ghsa, WEB)
- snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGINGONICGIN-1041736 (ghsa, x_refsource_MISC, WEB)