blob: 934a5c8177add7125a3f0517c65078345b5093e6 [file] [log] [blame]
id: GO-2020-0039
modules:
- module: gopkg.in/macaron.v1
versions:
- fixed: 1.3.7
vulnerable_at: 1.3.6
packages:
- package: gopkg.in/macaron.v1
symbols:
- staticHandler
derived_symbols:
- Context.Next
- LoggerInvoker.Invoke
- Macaron.Run
- Macaron.ServeHTTP
- Router.ServeHTTP
summary: Open redirect in gopkg.in/macaron.v1
description: |-
Due to improper request sanitization, a specifically crafted URL can cause the
static file handler to redirect to an attacker chosen URL, allowing for open
redirect attacks.
published: 2021-04-14T20:04:52Z
cves:
- CVE-2020-12666
ghsas:
- GHSA-733f-44f3-3frw
credits:
- '@ev0A'
references:
- fix: https://github.com/go-macaron/macaron/pull/199
- fix: https://github.com/go-macaron/macaron/commit/addc7461c3a90a040e79aa75bfd245107a210245
- web: https://github.com/go-macaron/macaron/issues/198
review_status: REVIEWED