lines changed 3 files changed +25
-13
lines changed Original file line number Diff line number Diff line change 24
24
"versions" : [
25
25
{
26
26
"version" : " 1.3.1-0.20190301021747-ccb9e902956d" ,
27
- "lessThan" : " " ,
27
+ "lessThan" : " 1.9.1 " ,
28
28
"status" : " affected" ,
29
29
"versionType" : " semver"
30
30
}
54
54
{
55
55
"url" : " https://github.com/gin-gonic/gin/pull/3556"
56
56
},
57
+ {
58
+ "url" : " https://github.com/gin-gonic/gin/releases/tag/v1.9.1"
59
+ },
57
60
{
58
61
"url" : " https://pkg.go.dev/vuln/GO-2023-1737"
59
62
}
Original file line number Diff line number Diff line change 20
20
"events" : [
21
21
{
22
22
"introduced" : " 1.3.1-0.20190301021747-ccb9e902956d"
23
+ },
24
+ {
25
+ "fixed" : " 1.9.1"
23
26
}
24
27
]
25
28
}
44
47
{
45
48
"type" : " FIX" ,
46
49
"url" : " https://github.com/gin-gonic/gin/pull/3556"
50
+ },
51
+ {
52
+ "type" : " WEB" ,
53
+ "url" : " https://github.com/gin-gonic/gin/releases/tag/v1.9.1"
47
54
}
48
55
],
49
56
"credits" : [
Original file line number Diff line number Diff line change 1
1
id : GO-2023-1737
2
2
modules :
3
- - module : github.com/gin-gonic/gin
4
- versions :
5
- - introduced : 1.3.1-0.20190301021747-ccb9e902956d
6
- vulnerable_at : 1.9.0
7
- packages :
8
- - package : github.com/gin-gonic/gin
9
- symbols :
10
- - Context.FileAttachment
3
+ - module : github.com/gin-gonic/gin
4
+ versions :
5
+ - introduced : 1.3.1-0.20190301021747-ccb9e902956d
6
+ fixed : 1.9.1
7
+ vulnerable_at : 1.9.0
8
+ packages :
9
+ - package : github.com/gin-gonic/gin
10
+ symbols :
11
+ - Context.FileAttachment
11
12
summary : Improper handling of file names in Content-Disposition HTTP header
12
13
description : |
13
14
The filename parameter of the Context.FileAttachment function is
@@ -22,12 +23,13 @@ description: |
22
23
be served with a name different than provided. Maliciously crafted
23
24
attachment file name can modify the Content-Disposition header.
24
25
ghsas :
25
- - GHSA-2c4m-59x9-fr2g
26
+ - GHSA-2c4m-59x9-fr2g
26
27
credits :
27
- - motoyasu-saburi
28
+ - motoyasu-saburi
28
29
references :
29
- - report : https://github.com/gin-gonic/gin/issues/3555
30
- - fix : https://github.com/gin-gonic/gin/pull/3556
30
+ - report : https://github.com/gin-gonic/gin/issues/3555
31
+ - fix : https://github.com/gin-gonic/gin/pull/3556
32
+ - web : https://github.com/gin-gonic/gin/releases/tag/v1.9.1
31
33
cve_metadata :
32
34
id : CVE-2023-29401
33
35
cwe : ' CWE 20: Improper Input Validation'
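Review bot: The one change in this section that alters what consumers see is the added `fixed: 1.9.1` under `versions`, but it arrives together with a re-indentation of every list item under `modules`, `ghsas`, `credits` and `references`, so the boundary change is easy to miss in review. Once `fixed` is set, version-based scanners stop reporting 1.9.1 and later, so a wrong boundary becomes a silent false negative. The new `web` reference names the release tag but does not by itself show that the change from pull request 3556 is included in it. I would split the re-indentation into its own commit, or at least state in the commit message how the fix was confirmed present in v1.9.1. The two JSON sections above carry the same boundary in their `lessThan` and `fixed` values and appear to be derived from this report, so if the value is ever corrected they should be regenerated from it rather than edited by hand.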