blob: 04221856625cd3f2ee03b65ca581521f035aff50 [file] [log] [blame]
module: github.com/gofiber/fiber
versions:
- fixed: v1.12.6
description: |
Due to improper input sanitization, a maliciously constructed filename could cause a file
download to use an attacker controlled filename, as well as injecting additional headers
into a HTTP response.
cve: CVE-2020-15111
credit: Hasibul Hasan and Abdullah Shaleh
symbols:
- Ctx.Attachment
published: 2021-07-28T12:00:00Z
links:
commit: https://github.com/gofiber/fiber/commit/f698b5d5066cfe594102ae252cd58a1fe57cf56f
pr: https://github.com/gofiber/fiber/pull/579
context:
- https://github.com/advisories/GHSA-9cx9-x2gp-9qvh