| modules: |
| - module: github.com/gin-gonic/gin |
| versions: |
| - introduced: 1.3.1-0.20190301021747-ccb9e902956d |
| vulnerable_at: 1.9.0 |
| packages: |
| - package: github.com/gin-gonic/gin |
| symbols: |
| - Context.FileAttachment |
| summary: Improper handling of file names in Content-Disposition HTTP header |
| description: | |
| The filename parameter of the Context.FileAttachment function is |
| not properly sanitized. A maliciously crafted filename can cause |
| the Content-Disposition header to be sent with an unexpected |
| filename value or otherwise modify the Content-Disposition header. |
| For example, a filename of "setup.bat";x=.txt" will be sent |
| as a file named "setup.bat". |
| |
| If the FileAttachment function is called with names provided by an |
| untrusted source, this may permit an attacker to cause a file to |
| be served with a name different than provided. Maliciously crafted |
| attachment file name can modify the Content-Disposition header. |
| ghsas: |
| - GHSA-2c4m-59x9-fr2g |
| credits: |
| - motoyasu-saburi |
| references: |
| - report: https://github.com/gin-gonic/gin/issues/3555 |
| - fix: https://github.com/gin-gonic/gin/pull/3556 |
| cve_metadata: |
| id: CVE-2023-29401 |
| cwe: 'CWE 20: Improper Input Validation' |