• With issues:
  • Use the search tool before opening a new issue.
  • Please provide source code and commit sha if you found a bug.
  • Review existing issues and provide feedback or react to them.

Description

An attacker can mount a phishing attack by modifying the URL value to point to a malicious Web site. In github.com/gin-gonic/gin.redirectRequest(*github.com/gin-gonic/gin.Context): User-controlled input is used to specify an address that is used as a URL redirect or forward. An attacker can create a link to the trusted site that redirects to a malicious Web site. This could enable the attacker to steal user credentials.

Gin SAST Coverity scan [Security] - Open Redirect
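As an added illustration of the class of finding the scanner reports (this is example code written for this page, not gin's own redirectRequest or any other gin code, and it does not establish that gin's routing actually reaches that function with such a path): a plain net/http trailing-slash redirect that builds its Location header straight from the request URL, beside a hardened version that first passes the target through a hypothetical safeLocalRedirect helper. The handler names, the helper and the host evil.example are assumptions made for the example; the probe requests are constructed inline so it runs offline.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"path"
	"strings"
)

// safeLocalRedirect turns user-supplied redirect input into a target that a
// browser can only resolve against the current origin. It returns ok=false
// for anything that would leave the site: an absolute URL with a scheme, a
// protocol-relative target ("//host", "///host" or "/\host"), or unparsable
// input. Hypothetical helper written for this example; not part of gin.
func safeLocalRedirect(raw string) (string, bool) {
	// Browsers treat "\" like "/" when resolving a Location header, so
	// normalise it first; otherwise "/\evil.example" slips past a "//" check.
	raw = strings.ReplaceAll(raw, `\`, "/")

	u, err := url.Parse(raw)
	if err != nil || u.Scheme != "" || u.Host != "" {
		return "", false
	}
	// url.Parse does not treat "///host" as an authority, but a browser
	// skips the extra slashes and does, so reject any remaining "//" prefix.
	if strings.HasPrefix(u.Path, "//") {
		return "", false
	}

	p := u.Path
	if !strings.HasPrefix(p, "/") {
		p = "/" + p
	}
	// path.Clean resolves "." and ".." and collapses repeated slashes but
	// drops a trailing slash, which a trailing-slash redirect must keep.
	trailing := strings.HasSuffix(p, "/") && p != "/"
	p = path.Clean(p)
	if trailing && p != "/" {
		p += "/"
	}
	if u.RawQuery != "" {
		p += "?" + u.RawQuery
	}
	return p, true
}

// reflectingTrailingSlash is the pattern the scanner report describes: the
// redirect target is derived directly from the request URL. A request whose
// path is "//evil.example" yields Location "//evil.example/", which a browser
// resolves to http(s)://evil.example/ rather than to a path on this site.
func reflectingTrailingSlash(w http.ResponseWriter, r *http.Request) {
	target := r.URL.Path + "/"
	if r.URL.RawQuery != "" {
		target += "?" + r.URL.RawQuery
	}
	http.Redirect(w, r, target, http.StatusMovedPermanently)
}

// hardenedTrailingSlash runs the same input through safeLocalRedirect and
// refuses to redirect at all when the target would leave the origin.
func hardenedTrailingSlash(w http.ResponseWriter, r *http.Request) {
	target, ok := safeLocalRedirect(r.URL.Path + "/")
	if !ok {
		http.Error(w, "invalid redirect target", http.StatusBadRequest)
		return
	}
	http.Redirect(w, r, target, http.StatusMovedPermanently)
}

// locationFor drives a handler with a constructed request whose path is set
// verbatim (what Go's server-side parser yields for a request line such as
// "GET //evil.example HTTP/1.1") and returns the status and Location header.
func locationFor(h http.HandlerFunc, rawPath string) (int, string) {
	r := httptest.NewRequest(http.MethodGet, "/", nil)
	r.URL.Path = rawPath
	rec := httptest.NewRecorder()
	h(rec, r)
	return rec.Code, rec.Header().Get("Location")
}

func main() {
	for _, p := range []string{"/hello/world", "//evil.example", `/\evil.example`} {
		code, loc := locationFor(reflectingTrailingSlash, p)
		fmt.Printf("reflecting %-18q -> %d Location: %q\n", p, code, loc)
		code, loc = locationFor(hardenedTrailingSlash, p)
		fmt.Printf("hardened   %-18q -> %d Location: %q\n", p, code, loc)
	}
}
```

The same check applies to any handler that hands user input (a path, a `next=` parameter) to a redirect call, including gin's c.Redirect: reject scheme-qualified and protocol-relative targets before they reach the Location header, and prefer refusing the request over silently rewriting the target.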

How to reproduce

package main

import (
	"github.com/gin-gonic/gin"
)

func main() {
	g := gin.Default()
	// Parameterised route; responds with the captured name.
	g.GET("/hello/:name", func(c *gin.Context) {
		c.String(200, "Hello %s", c.Param("name"))
	})
	g.Run(":9000") // listens on port 9000
}

Expectations

$ curl http://localhost:9000/hello/world
Hello world

Actual result

$ curl -i http://localhost:9000/hello/world
<YOUR RESULT>

Environment

  • go version: 1.17, Image: us-docker.pkg.dev/google.com/api-project-999119582588/go-boringcrypto/golang:1.17.11b7
  • gin version (or commit ref): github.com/gin-gonic/gin v1.7.7
  • operating system: