New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

同学，您这个项目引入了59个开源组件，存在1个漏洞，辛苦升级一下 #77

Closed

dependasec bot opened this issue Mar 15, 2022 · 1 comment

dependasec bot commented Mar 15, 2022

检测到 ArtisanCloud/PowerWeChat 一共引入了59个开源组件，存在1个漏洞

漏洞标题：Gin-Gonic Gin 环境问题漏洞
缺陷组件：github.com/gin-gonic/gin@v1.7.2
漏洞编号：CVE-2020-28483
漏洞描述：Gin-Gonic Gin是Gin-Gonic团队的一个基于Go语言的用于快速构建Web应用的框架。
github.com/gin-gonic/gin 全部版本存在安全漏洞，该漏洞源于可以通过设置X-Forwarded-For头来欺骗客户端的IP。
影响范围：(∞, 1.7.7)
最小修复版本：1.7.7
缺陷组件引入路径：github.com/ArtisanCloud/PowerWeChat@->github.com/gin-gonic/gin@v1.7.2

另外还有几个漏洞，详细报告：https://mofeisec.com/jr?p=a1996d

The text was updated successfully, but these errors were encountered:

Contributor

Matrix-X commented Apr 23, 2022

release/1.2.5已处理

Matrix-X closed this as completed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment