{"id":"GO-2021-0108","summary":"CRLF vulnerability in Fiber in github.com/gofiber/fiber","details":"Due to improper input sanitization, a maliciously constructed filename could cause a file download to use an attacker controlled filename, as well as injecting additional headers into an HTTP response.","aliases":["CVE-2020-15111","GHSA-9cx9-x2gp-9qvh"],"modified":"2024-05-20T16:03:47Z","published":"2021-07-28T18:08:05Z","database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2021-0108"},"references":[{"type":"FIX","url":"https://github.com/gofiber/fiber/pull/579"},{"type":"FIX","url":"https://github.com/gofiber/fiber/commit/f698b5d5066cfe594102ae252cd58a1fe57cf56f"}],"affected":[{"package":{"name":"github.com/gofiber/fiber","ecosystem":"Go","purl":"pkg:golang/github.com/gofiber/fiber"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.12.6"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/gofiber/fiber","symbols":["Ctx.Attachment"]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2021-0108.json"}}],"schema_version":"1.7.3","credits":[{"name":"Hasibul Hasan"},{"name":"Abdullah Shaleh"}]}