Vulnerability Report: GO-2020-0039
- CVE-2020-12666, GHSA-733f-44f3-3frw
- Affects: gopkg.in/macaron.v1
- Published: Apr 14, 2021
- Modified: May 20, 2024
Due to improper request sanitization, a specifically crafted URL can cause the static file handler to redirect to an attacker chosen URL, allowing for open redirect attacks.
Affected Packages
-
PathGo VersionsSymbols
-
before v1.3.7
5 affected symbols
Aliases
References
- https://github.com/go-macaron/macaron/pull/199
- https://github.com/go-macaron/macaron/commit/addc7461c3a90a040e79aa75bfd245107a210245
- https://github.com/go-macaron/macaron/issues/198
- https://vuln.go.dev/ID/GO-2020-0039.json
Credits
- @ev0A
Feedback
See anything missing or incorrect?
Suggest an edit to this report.