| module: github.com/gofiber/fiber |
| versions: |
| - fixed: v1.12.6 |
| description: | |
| Due to improper input sanitization, a maliciously constructed filename could cause a file |
| download to use an attacker controlled filename, as well as injecting additional headers |
| into a HTTP response. |
| cve: CVE-2020-15111 |
| credit: Hasibul Hasan and Abdullah Shaleh |
| symbols: |
| - Ctx.Attachment |
| published: 2021-07-28T12:00:00Z |
| links: |
| commit: https://github.com/gofiber/fiber/commit/f698b5d5066cfe594102ae252cd58a1fe57cf56f |
| pr: https://github.com/gofiber/fiber/pull/579 |
| context: |
| - https://github.com/advisories/GHSA-9cx9-x2gp-9qvh |