data/reports/GO-2021-0108.yaml - vulndb - Git at Google

 id: GO-2021-0108
 modules:
     - module: github.com/gofiber/fiber
       versions:
         - fixed: 1.12.6
       vulnerable_at: 1.12.5
       packages:
         - package: github.com/gofiber/fiber
           symbols:
             - Ctx.Attachment
 summary: CRLF vulnerability in Fiber in github.com/gofiber/fiber
 description: |-
     Due to improper input sanitization, a maliciously constructed filename could
     cause a file download to use an attacker controlled filename, as well as
     injecting additional headers into an HTTP response.
 published: 2021-07-28T18:08:05Z
 cves:
     - CVE-2020-15111
 ghsas:
     - GHSA-9cx9-x2gp-9qvh
 credits:
     - Hasibul Hasan
     - Abdullah Shaleh
 references:
     - fix: https://github.com/gofiber/fiber/pull/579
     - fix: https://github.com/gofiber/fiber/commit/f698b5d5066cfe594102ae252cd58a1fe57cf56f
	id: GO-2021-0108
	modules:
	- module: github.com/gofiber/fiber
	versions:
	- fixed: 1.12.6
	vulnerable_at: 1.12.5
	packages:
	- package: github.com/gofiber/fiber
	symbols:
	- Ctx.Attachment
	summary: CRLF vulnerability in Fiber in github.com/gofiber/fiber
	description: \|-
	Due to improper input sanitization, a maliciously constructed filename could
	cause a file download to use an attacker controlled filename, as well as
	injecting additional headers into an HTTP response.
	published: 2021-07-28T18:08:05Z
	cves:
	- CVE-2020-15111
	ghsas:
	- GHSA-9cx9-x2gp-9qvh
	credits:
	- Hasibul Hasan
	- Abdullah Shaleh
	references:
	- fix: https://github.com/gofiber/fiber/pull/579
	- fix: https://github.com/gofiber/fiber/commit/f698b5d5066cfe594102ae252cd58a1fe57cf56f