blob: 379cf56ae964433b4d976cdaee8548c911d1e9f4 [file] [log] [blame]
packages:
- module: github.com/gofiber/fiber
symbols:
- Ctx.Attachment
versions:
- fixed: 1.12.6
description: |
Due to improper input sanitization, a maliciously constructed filename could cause a file
download to use an attacker controlled filename, as well as injecting additional headers
into an HTTP response.
published: 2021-07-28T18:08:05Z
cves:
- CVE-2020-15111
ghsas:
- GHSA-9cx9-x2gp-9qvh
credit: Hasibul Hasan and Abdullah Shaleh
links:
pr: https://github.com/gofiber/fiber/pull/579
commit: https://github.com/gofiber/fiber/commit/f698b5d5066cfe594102ae252cd58a1fe57cf56f
context:
- https://github.com/advisories/GHSA-9cx9-x2gp-9qvh