Vulnerability Report: GO-2021-0108
- CVE-2020-15111, GHSA-9cx9-x2gp-9qvh
- Affects: github.com/gofiber/fiber
- Published: Jul 28, 2021
- Modified: May 20, 2024
Due to improper input sanitization, a maliciously constructed filename could cause a file download to use an attacker controlled filename, as well as injecting additional headers into an HTTP response.
Affected Packages
-
PathGo VersionsSymbols
-
before v1.12.6
Aliases
References
- https://github.com/gofiber/fiber/pull/579
- https://github.com/gofiber/fiber/commit/f698b5d5066cfe594102ae252cd58a1fe57cf56f
- https://vuln.go.dev/ID/GO-2021-0108.json
Credits
- Hasibul Hasan, Abdullah Shaleh
Feedback
See anything missing or incorrect?
Suggest an edit to this report.