blob: 98f590fae071662cf10ce26b67bfafaf58f715a3 [file] [log] [blame]
module: gopkg.in/macaron.v1
versions:
- fixed: v1.3.7
description: |
Due to improper request santization, a specifically crafted URL
can cause the static file handler to redirect to an attacker chosen
URL, allowing for open redirect attacks.
cves:
- CVE-2020-12666
credit: '@ev0A'
symbols:
- staticHandler
derived_symbols:
- Context.Next
- LoggerInvoker.Invoke
- Macaron.Run
- Macaron.ServeHTTP
- Router.ServeHTTP
links:
pr: https://github.com/go-macaron/macaron/pull/199
commit: https://github.com/go-macaron/macaron/commit/addc7461c3a90a040e79aa75bfd245107a210245
context:
- https://github.com/go-macaron/macaron/issues/198