vulndb/data/osv/GO-2021-0108.json

{
  "id": "GO-2021-0108",
  "published": "2021-07-28T18:08:05Z",
  "modified": "0001-01-01T00:00:00Z",
  "aliases": [
    "CVE-2020-15111",
    "GHSA-9cx9-x2gp-9qvh"
  ],
  "details": "Due to improper input sanitization, a maliciously constructed filename could cause a file download to use an attacker controlled filename, as well as injecting additional headers into an HTTP response.",
  "affected": [
    {
      "package": {
        "name": "github.com/gofiber/fiber",
        "ecosystem": "Go"
      },
      "ranges": [
        {
          "type": "SEMVER",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.12.6"
            }
          ]
        }
      ],
      "database_specific": {
        "url": "https://pkg.go.dev/vuln/GO-2021-0108"
      },
      "ecosystem_specific": {
        "imports": [
          {
            "path": "github.com/gofiber/fiber",
            "symbols": [
              "Ctx.Attachment"
            ]
          }
        ]
      }
    }
  ],
  "references": [
    {
      "type": "FIX",
      "url": "https://github.com/gofiber/fiber/pull/579"
    },
    {
      "type": "FIX",
      "url": "https://github.com/gofiber/fiber/commit/f698b5d5066cfe594102ae252cd58a1fe57cf56f"
    }
  ],
  "credits": [
    {
      "name": "Hasibul Hasan and Abdullah Shaleh"
    }
  ]
}
data/osv: add OSV entries for all reports Create data/osv, containing the OSV version for all reports. This directory will be used as the source for database generation in the future. Set creation times on all existing reports; future reports will take the creation time from the OSV entry history. Change-Id: Ibe0f3a9fc76c0d4afee8102d6a0fd35c7641e97d Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/430682 Run-TryBot: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> 2022-09-14 01:40:34 +03:00			`{`
			`"id": "GO-2021-0108",`
			`"published": "2021-07-28T18:08:05Z",`
			`"modified": "0001-01-01T00:00:00Z",`
			`"aliases": [`
			`"CVE-2020-15111",`
			`"GHSA-9cx9-x2gp-9qvh"`
			`],`
internal/database, data/osv: trim whitespace characters in OSV description In GenerateOSVEntry, replace all whitespace characters with single spaces except for paragraph breaks represented by "\n\n". Change-Id: Ia03f0b53c94979fada6316be1346df3f48b9fabe Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/439044 Run-TryBot: Tatiana Bradley <tatiana@golang.org> Reviewed-by: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> 2022-10-05 19:05:17 +03:00			`"details": "Due to improper input sanitization, a maliciously constructed filename could cause a file download to use an attacker controlled filename, as well as injecting additional headers into an HTTP response.",`
data/osv: add OSV entries for all reports Create data/osv, containing the OSV version for all reports. This directory will be used as the source for database generation in the future. Set creation times on all existing reports; future reports will take the creation time from the OSV entry history. Change-Id: Ibe0f3a9fc76c0d4afee8102d6a0fd35c7641e97d Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/430682 Run-TryBot: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> 2022-09-14 01:40:34 +03:00			`"affected": [`
			`{`
			`"package": {`
			`"name": "github.com/gofiber/fiber",`
			`"ecosystem": "Go"`
			`},`
			`"ranges": [`
			`{`
			`"type": "SEMVER",`
			`"events": [`
			`{`
			`"introduced": "0"`
			`},`
			`{`
			`"fixed": "1.12.6"`
			`}`
			`]`
			`}`
			`],`
			`"database_specific": {`
			`"url": "https://pkg.go.dev/vuln/GO-2021-0108"`
			`},`
			`"ecosystem_specific": {`
			`"imports": [`
			`{`
			`"path": "github.com/gofiber/fiber",`
			`"symbols": [`
			`"Ctx.Attachment"`
			`]`
			`}`
			`]`
			`}`
			`}`
			`],`
			`"references": [`
			`{`
			`"type": "FIX",`
			`"url": "https://github.com/gofiber/fiber/pull/579"`
			`},`
			`{`
			`"type": "FIX",`
			`"url": "https://github.com/gofiber/fiber/commit/f698b5d5066cfe594102ae252cd58a1fe57cf56f"`
			`}`
internal/database: add credits in the osv report - Update `golang.org/x/vuln/osv`. - Output credits in the OSV report from the YAML report. - Update `data/osv` to include `credits`. Fixes golang/go#55956 Change-Id: I8b1a81f33ca7b2832394be316b7d015c8a281220 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/435976 Reviewed-by: Tatiana Bradley <tatiana@golang.org> Auto-Submit: Damien Neil <dneil@google.com> Run-TryBot: Damien Neil <dneil@google.com> Reviewed-by: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> 2022-10-01 17:10:57 +03:00			`],`
			`"credits": [`
			`{`
			`"name": "Hasibul Hasan and Abdullah Shaleh"`
			`}`
data/osv: add OSV entries for all reports Create data/osv, containing the OSV version for all reports. This directory will be used as the source for database generation in the future. Set creation times on all existing reports; future reports will take the creation time from the OSV entry history. Change-Id: Ibe0f3a9fc76c0d4afee8102d6a0fd35c7641e97d Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/430682 Run-TryBot: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> 2022-09-14 01:40:34 +03:00			`]`
			`}`