gin-keycloak v1.4.0 uses github.com/gin-gonic/gin@v1.7.7, which has an open CVE; see github.com/gin-gonic/gin/CHANGELOG.md:
Gin v1.9.1
SECURITY
fix lack of escaping of filename in Content-Disposition #3556
Description: A vulnerability has been reported in Gin-Gonic Gin, which can be exploited by malicious people to compromise a vulnerable system. 1) An error when processing the "filename" parameter in the "FileAttachment()" function (context.go) can be exploited to set the Content-Disposition response header and subsequently download otherwise restricted files. The vulnerability is reported in versions prior to 1.9.1.
Need to update gin-keycloak to work with github.com/gin-gonic/gin@v1.9.1
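The class of bug the changelog entry names, an unescaped filename placed inside the quoted `filename` parameter of `Content-Disposition`, shown as an added example that is not code from Gin, gin-keycloak or this issue. The function names and the sample filename are hypothetical; the check parses each header the way a client would and compares the result with the intended name.

```go
package main

import (
	"fmt"
	"mime"
	"strings"
)

// quoteEscaper backslash-escapes the two characters that are special inside
// an HTTP quoted-string: the backslash itself and the double quote.
var quoteEscaper = strings.NewReplacer(`\`, `\\`, `"`, `\"`)

// naiveDisposition (hypothetical) concatenates the filename unescaped,
// which is the pattern the changelog entry describes as lacking escaping.
func naiveDisposition(filename string) string {
	return `attachment; filename="` + filename + `"`
}

// escapedDisposition (hypothetical) escapes the filename before quoting it.
func escapedDisposition(filename string) string {
	return `attachment; filename="` + quoteEscaper.Replace(filename) + `"`
}

// roundTrips reports whether parsing the header yields exactly one
// parameter, "filename", whose value equals the name the server intended.
func roundTrips(header, filename string) bool {
	_, params, err := mime.ParseMediaType(header)
	return err == nil && len(params) == 1 && params["filename"] == filename
}

func main() {
	name := `quarterly "draft".txt` // constructed sample filename
	for _, h := range []string{naiveDisposition(name), escapedDisposition(name)} {
		fmt.Printf("%-55s round-trips: %v\n", h, roundTrips(h, name))
	}
}
```

A check like `roundTrips` can be kept as a regression test around any handler that derives a download name from request data, independent of the Gin version pinned in `go.mod`.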