blob: 6e23cb19a38090c8785c45e060610482198d3d4f [file] [log] [blame]
module: github.com/gofiber/fiber
versions:
- fixed: v1.12.6-0.20200710202935-a8ad5454363f
description: |
Due to improper input validation when uploading a file, a malicious user may
force the server to return arbitrary HTTP headers when the uploaded
file is downloaded.
cves:
- CVE-2020-15111
credit: Hasibul Hasan and Abdullah Shaleh
symbols:
- Ctx.Attachment
links:
pr: github.com/gofiber/fiber/pull/579
commit: https://github.com/gofiber/fiber/commit/a8ad5454363f627c3f9469c56c5faaf1b943f06a
context:
- https://github.com/gofiber/fiber/security/advisories/GHSA-9cx9-x2gp-9qvh