2 matches found
CVE-2020-15111
In Fiber before version 1.12.6, the filename that is given in c.Attachment https://docs.gofiber.io/ctxattachment is not escaped, and therefore vulnerable for a CRLF injection attack. I.e. an attacker could upload a custom filename and then give the link to the victim. With this filename, the...
CVE-2020-15111
CVE-2020-15111 affects Fiber prior to 1.12.6. The filename passed to c.Attachment() is not escaped, enabling a CRLF injection when a user-supplied filename is used. This can allow an attacker to alter the downloaded filename, redirect to another site, or modify the HTTP headers (e.g., Authorizati...