What is CVE-2020-15111?

CVE-2020-15111 is a medium-severity vulnerability in Gofiber Fiber, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 4.2/10. Published 2020-07-20.

How severe is CVE-2020-15111?

Medium severity. CVSS v3 base score is 4.2 out of 10.

Vulnerability in Gofiber Fiber

CVE-2020-15111

In Fiber before version 1.12.6, the filename that is given in c.Attachment() (https://docs.gofiber.io/ctx#attachment) is not escaped, and therefore vulnerable for a CRLF injection attack. I.e. an attacker could upload a custom filename and…

EPSS: 0.002 (47.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.2 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N.

Affected products

Gofiber Fiber — versions < 1.12.6

Weakness classification (CWE)

References

github.com/gofiber/fiber/security/advisories/GHSA-9cx9-x2gp-9qvh (x_refsource_CONFIRM)
github.com/gofiber/fiber/pull/579/commits/f698b5d5066cfe594102ae252cd58a1fe57cf… (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-15111?: CVE-2020-15111 is a medium-severity vulnerability in Gofiber Fiber, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 4.2/10. Published 2020-07-20.
How severe is CVE-2020-15111?: Medium severity. CVSS v3 base score is 4.2 out of 10.