Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

同学,您这个项目引入了188个开源组件,存在1个漏洞,辛苦升级一下 #14

Open
ghost opened this issue Mar 12, 2022 · 0 comments

Comments

@ghost
Copy link

ghost commented Mar 12, 2022

检测到 airdb/sls-bbhj 一共引入了188个开源组件,存在1个漏洞

漏洞标题:Gin-Gonic Gin 环境问题漏洞
缺陷组件:github.com/gin-gonic/[email protected]
漏洞编号:CVE-2020-28483
漏洞描述:Gin-Gonic Gin是Gin-Gonic团队的一个基于Go语言的用于快速构建Web应用的框架。
github.com/gin-gonic/gin 全部版本存在安全漏洞,该漏洞源于可以通过设置X-Forwarded-For头来欺骗客户端的IP。
影响范围:(∞, 1.7.7)
最小修复版本:1.7.7
缺陷组件引入路径:github.com/airdb/sls-bbhj@->github.com/gin-gonic/[email protected]

另外还有几个漏洞,详细报告:https://mofeisec.com/jr?p=aeebd8

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

0 participants