reports/GO-2021-0108.yaml - vulndb - Git at Google

 module: github.com/gofiber/fiber
 versions:
   - fixed: v1.12.6
 description: |
   Due to improper input sanitization, a maliciously constructed filename could cause a file
   download to use an attacker controlled filename, as well as injecting additional headers
   into an HTTP response.
 cves:
   - CVE-2020-15111
 credit: Hasibul Hasan and Abdullah Shaleh
 symbols:
   - Ctx.Attachment
 links:
   commit: https://github.com/gofiber/fiber/commit/f698b5d5066cfe594102ae252cd58a1fe57cf56f
   pr: https://github.com/gofiber/fiber/pull/579
   context:
     - https://github.com/advisories/GHSA-9cx9-x2gp-9qvh
	module: github.com/gofiber/fiber
	versions:
	- fixed: v1.12.6
	description: \|
	Due to improper input sanitization, a maliciously constructed filename could cause a file
	download to use an attacker controlled filename, as well as injecting additional headers
	into an HTTP response.
	cves:
	- CVE-2020-15111
	credit: Hasibul Hasan and Abdullah Shaleh
	symbols:
	- Ctx.Attachment
	links:
	commit: https://github.com/gofiber/fiber/commit/f698b5d5066cfe594102ae252cd58a1fe57cf56f
	pr: https://github.com/gofiber/fiber/pull/579
	context:
	- https://github.com/advisories/GHSA-9cx9-x2gp-9qvh