Fix CVE-2023-29401 in Gin HIGH

Fix CVE-2023-29401 (filename enumeration via Content-Disposition) in Gin for Go. Paste your go.mod into PackageFix and get a patched version back — no CLI, no signup.

⚠ Vulnerability

CVE-2023-29401 — filename enumeration via Content-Disposition in Gin. Update to v1.9.1 or later.

Vulnerable Version — go.mod

github.com/gin-gonic/gin v1.7.0

Fixed Version — go.mod

github.com/gin-gonic/gin v1.9.1

✓ Fix

Update to v1.9.1 and run go mod tidy to apply the fix.

Scan your dependencies now — paste your manifest, get a fixed version back in seconds.

Open PackageFix →

No signup · No CLI · No GitHub connection · Runs 100% in your browser

Frequently Asked Questions

What is CVE-2023-29401?

CVE-2023-29401 is a vulnerability in Gin that allows filename enumeration via Content-Disposition. Update to version v1.9.1 or later to fix it.

Is CVE-2023-29401 on the CISA KEV catalog?

Check the live CISA KEV catalog at packagefix.dev — the catalog updates daily and PackageFix always reflects the current status.

How do I fix CVE-2023-29401 in Gin?

Update Gin to version v1.9.1 or later in your go.mod. Run go mod tidy after updating.

Does CVE-2023-29401 affect all versions of Gin?

Check the OSV advisory for the exact affected version range. PackageFix shows the minimum safe version for your installed version.