CVE-2023-31873

HIGH

Gin 0.7.4 - RCE

Title source: llm

Description

Gin 0.7.4 allows execution of arbitrary code when a crafted file is opened, e.g., via require('child_process').

Exploits (1)

exploitdb WORKING POC
by 8bitsec · textlocalmultiple
https://www.exploit-db.com/exploits/51469

References (1)

Scores

CVSS v3 7.8
EPSS 0.0036
EPSS Percentile 58.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Status published
Products (1)
gin_project/gin 0.7.4
Published May 28, 2023
Tracked Since Feb 18, 2026