awslabs / aws-lambda-go-api-proxy

lambda-go-api-proxy makes it easy to port APIs written with Go frameworks such as Gin (https://gin-gonic.github.io/gin/) to AWS Lambda and Amazon API Gateway.
Apache License 2.0
1.04k stars, 197 forks

CVE-2020-28483 #98

Open frankyhun opened 3 years ago

frankyhun commented 3 years ago

The used version of github.com/gin-gonic/gin, v1.6.3, is vulnerable to CVE-2020-28483.

name: Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)

message: Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) in github.com/gin-gonic/gin

description: When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header.

solution: Upgrade to version 1.7.0 or above.

CVE-2020-28483: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28483
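
Added example, not part of the issue and not gin's or this project's code: the description above concerns a client IP taken from X-Forwarded-For on a directly exposed server, so this standard-library sketch contrasts a resolver that accepts the header from any sender with one that honours it only when the TCP peer is a known proxy. The function names, the 10.0.0.0/8 proxy range and the sample addresses are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

// naiveClientIP takes the first X-Forwarded-For entry from any sender.
func naiveClientIP(r *http.Request) string {
	host, _, _ := net.SplitHostPort(r.RemoteAddr)
	if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
		host = strings.TrimSpace(strings.Split(xff, ",")[0])
	}
	return host
}

// trustedClientIP honours the header only when the TCP peer is a known proxy,
// then walks the chain right to left and returns the first non-proxy hop.
func trustedClientIP(r *http.Request, isProxy func(net.IP) bool) string {
	peer, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil || !isProxy(net.ParseIP(peer)) {
		return peer // direct connection: the header is client-controlled
	}
	hops := strings.Split(strings.Join(r.Header.Values("X-Forwarded-For"), ","), ",")
	for i := len(hops) - 1; i >= 0; i-- {
		if ip := net.ParseIP(strings.TrimSpace(hops[i])); ip == nil {
			break // malformed entry: stop trusting the chain
		} else if !isProxy(ip) {
			return ip.String()
		}
	}
	return peer
}

// demo resolves one constructed request both ways (hypothetical helper).
func demo(remoteAddr, xff string) (string, string) {
	r := &http.Request{RemoteAddr: remoteAddr, Header: http.Header{}}
	r.Header.Set("X-Forwarded-For", xff)
	_, proxyNet, _ := net.ParseCIDR("10.0.0.0/8") // constructed trusted proxy range
	return naiveClientIP(r), trustedClientIP(r, proxyNet.Contains)
}

func main() {
	fmt.Println(demo("203.0.113.9:40000", "127.0.0.1")) // direct client supplying the header
}
```

For a direct connection the naive resolver reports whatever the header says, while the second resolver falls back to the socket address. Behind the assumed proxy it returns the rightmost hop that is not itself a proxy.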