Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper handling of filenames in Content-Disposition HTTP header in github.com/gin-gonic/gin
Vulnerability Description
The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of "setup.bat";x=.txt" will be sent as a file named "setup.bat". If the FileAttachment function is called with names provided by an untrusted source, this may permit an attacker to cause a file to be served with a name different than provided. Maliciously crafted attachment file name can modify the Content-Disposition header.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Gin 安全漏洞
Vulnerability Description
Gin是Marius Küng个人开发者的一个使用 Electron 构建的小型 JavaScript Markdown 编辑器。 Gin存在安全漏洞,该漏洞源于Context.FileAttachment 函数的文件名参数未正确清理,攻击者利用该漏洞可以通过恶意制作的附件文件名修改 Content-Disposition 标头。
CVSS Information
N/A
Vulnerability Type
N/A