{"url":"http://public2.vulnerablecode.io/api/packages/109249?format=json","purl":"pkg:golang/github.com/gin-gonic/gin@1.6.0","type":"golang","namespace":"github.com/gin-gonic","name":"gin","version":"1.6.0","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.7.7","latest_non_vulnerable_version":"1.9.1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71129?format=json","vulnerability_id":"VCID-ecfe-57ed-9qe4","summary":"Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0 allows remote attackers to inject arbitrary log lines.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36567.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36567.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36567","reference_id":"","reference_type":"","scores":[{"value":"0.00475","scoring_system":"epss","scoring_elements":"0.65206","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00475","scoring_system":"epss","scoring_elements":"0.65157","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00475","scoring_system":"epss","scoring_elements":"0.652","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00475","scoring_system":"epss","scoring_elements":"0.65211","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00475","scoring_system":"epss","scoring_elements":"0.65199","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00475","scoring_system":"epss","scoring_elements":"0.65188","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36567"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36567","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36567"},{"reference_url":"https://github.com/gin-gonic/gin","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/gin-gonic/gin"},{"reference_url":"https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-11T16:45:06Z/"}],"url":"https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d"},{"reference_url":"https://github.com/gin-gonic/gin/pull/2237","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-11T16:45:06Z/"}],"url":"https://github.com/gin-gonic/gin/pull/2237"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36567","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36567"},{"reference_url":"https://pkg.go.dev/vuln/GO-2020-0001","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-11T16:45:06Z/"}],"url":"https://pkg.go.dev/vuln/GO-2020-0001"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2156683","reference_id":"2156683","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2156683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0934","reference_id":"RHSA-2023:0934","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0934"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1428","reference_id":"RHSA-2023:1428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1428"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/109249?format=json","purl":"pkg:golang/github.com/gin-gonic/gin@1.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/gin-gonic/gin@1.6.0"}],"aliases":["CVE-2020-36567","GHSA-6vm3-jj99-7229"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ecfe-57ed-9qe4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71127?format=json","vulnerability_id":"VCID-kacm-gj1k-f7hg","summary":"parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/* is allowed when the intention is that only https://example.com/* should be allowed, and http://localhost.example.com/* is allowed when the intention is that only http://localhost/* should be allowed.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-25211.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-25211.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-25211","reference_id":"","reference_type":"","scores":[{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.60249","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.60231","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.60248","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.60212","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.60258","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.60261","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-25211"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25211","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25211"},{"reference_url":"https://github.com/gin-contrib/cors/commit/27b723a473efd80d5a498fa9f5933c80204c850d","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-09T15:33:30Z/"}],"url":"https://github.com/gin-contrib/cors/commit/27b723a473efd80d5a498fa9f5933c80204c850d"},{"reference_url":"https://github.com/gin-contrib/cors/compare/v1.5.0...v1.6.0","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-09T15:33:30Z/"}],"url":"https://github.com/gin-contrib/cors/compare/v1.5.0...v1.6.0"},{"reference_url":"https://github.com/gin-contrib/cors/pull/106","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-09T15:33:30Z/"}],"url":"https://github.com/gin-contrib/cors/pull/106"},{"reference_url":"https://github.com/gin-contrib/cors/pull/57","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-09T15:33:30Z/"}],"url":"https://github.com/gin-contrib/cors/pull/57"},{"reference_url":"https://github.com/gin-contrib/cors/releases/tag/v1.6.0","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-09T15:33:30Z/"}],"url":"https://github.com/gin-contrib/cors/releases/tag/v1.6.0"},{"reference_url":"https://github.com/gin-gonic/gin","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/gin-gonic/gin"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/08/msg00024.html","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/08/msg00024.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-25211","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-25211"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1075962","reference_id":"1075962","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1075962"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295302","reference_id":"2295302","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295302"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/109249?format=json","purl":"pkg:golang/github.com/gin-gonic/gin@1.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/gin-gonic/gin@1.6.0"}],"aliases":["CVE-2019-25211","GHSA-869c-j7wc-8jqv"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kacm-gj1k-f7hg"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/gin-gonic/gin@1.6.0"}