blob: cdb508da10ac9e3fa7da9e6cf8201e15da753cc5 [file] [log] [blame]
packages:
- module: gopkg.in/macaron.v1
symbols:
- staticHandler
derived_symbols:
- Context.Next
- LoggerInvoker.Invoke
- Macaron.Run
- Macaron.ServeHTTP
- Router.ServeHTTP
versions:
- fixed: 1.3.7
description: |
Due to improper request santization, a specifically crafted URL
can cause the static file handler to redirect to an attacker chosen
URL, allowing for open redirect attacks.
published: 2021-04-14T20:04:52Z
cves:
- CVE-2020-12666
ghsas:
- GHSA-733f-44f3-3frw
credit: '@ev0A'
links:
pr: https://github.com/go-macaron/macaron/pull/199
commit: https://github.com/go-macaron/macaron/commit/addc7461c3a90a040e79aa75bfd245107a210245
context:
- https://github.com/go-macaron/macaron/issues/198