Headline
GHSA-2c4m-59x9-fr2g: Gin Web Framework does not properly sanitize filename parameter of Context.FileAttachment function
The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of “setup.bat";x=.txt” will be sent as a file named "setup.bat".
If the FileAttachment function is called with names provided by an untrusted source, this may permit an attacker to cause a file to be served with a name different than provided. Maliciously crafted attachment file name can modify the Content-Disposition header.
- GitHub Advisory Database
- GitHub Reviewed
- CVE-2023-29401
Gin Web Framework does not properly sanitize filename parameter of Context.FileAttachment function
Moderate severity GitHub Reviewed Published May 12, 2023 to the GitHub Advisory Database • Updated May 12, 2023
Package
gomod github.com/gin-gonic/gin (Go)
Affected versions
>= 1.3.1-0.20190301021747-ccb9e902956d, <= 1.9.0
The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of “setup.bat";x=.txt” will be sent as a file named "setup.bat".
If the FileAttachment function is called with names provided by an untrusted source, this may permit an attacker to cause a file to be served with a name different than provided. Maliciously crafted attachment file name can modify the Content-Disposition header.
References
- gin-gonic/gin#3555
- gin-gonic/gin#3556
- https://pkg.go.dev/vuln/GO-2023-1737
Published to the GitHub Advisory Database
May 12, 2023
Last updated
May 12, 2023
Related news
Red Hat Security Advisory 2023-4293-01 - The Migration Toolkit for Containers (MTC) 1.7.11 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate.
The Migration Toolkit for Containers (MTC) 1.7.11 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. * CVE-2023-24539: A flaw was found in golang where angle brackets (<>) were not considered dangerous characters when inserted into CSS contexts. Tem...
The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of "setup.bat";x=.txt" will be sent as a file named "setup.bat". If the FileAttachment function is called with names provided by an untrusted source, this may permit an attacker to cause a file to be served with a name different than provided. Maliciously crafted attachment file name can modify the Content-Disposition header.