blob: 990abd6d382497e57fe2f9736b4a7a66aca09be9 [file] [log] [blame]
packages:
- module: github.com/gofiber/fiber
symbols:
- Ctx.Attachment
versions:
- fixed: 1.12.6-0.20200710202935-a8ad5454363f
description: |
Due to improper input validation when uploading a file, a malicious user may
force the server to return arbitrary HTTP headers when the uploaded
file is downloaded.
published: 2021-04-14T20:04:52Z
cves:
- CVE-2020-15111
ghsas:
- GHSA-9cx9-x2gp-9qvh
credit: Hasibul Hasan and Abdullah Shaleh
links:
pr: https://github.com/gofiber/fiber/pull/579
commit: https://github.com/gofiber/fiber/commit/a8ad5454363f627c3f9469c56c5faaf1b943f06a
context:
- https://github.com/gofiber/fiber/security/advisories/GHSA-9cx9-x2gp-9qvh