Back to bug 2216957
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Avinash Hanwate | 2023-06-23 12:00:56 UTC | CC | aveerama, bdettelb, dcadzow, dhughes, dkenigsb, dsimansk, dymurray, eglynn, ellin, fdeutsch, gparvin, ibolton, jjoyce, jkoehler, jmatthew, jmontleo, lball, lgamliel, lhh, matzew, mburns, mfilanov, mgarciac, nboldt, njean, oramraz, owatkins, pahickey, pgrist, rfreiman, rgarg, rhuss, rjohnson, scorneli, shbose, skontopo, slucidi, smullick, sseago, stcannon, teagle, ubhargav | |
| Avinash Hanwate | 2023-06-23 12:08:53 UTC | Depends On | 2216959 | |
| Avinash Hanwate | 2023-06-23 12:11:23 UTC | Doc Text | A flaw was found in the Gin-Gonic Gin Web Framework. Affected versions of this package could allow a remote attacker to bypass security restrictions, caused by improper input validation by the filename parameter of the Context.FileAttachment function. By using a specially-crafted attachment file name, an attacker could exploit this vulnerability to modify the Content-Disposition header. | |
| CC | dfreiber, jburrell, rogbas, vkumar | |||
| Avinash Hanwate | 2023-06-23 12:17:57 UTC | Depends On | 2216960, 2216961 | |
| RaTasha Tillery-Smith | 2023-06-23 13:16:35 UTC | Doc Text | A flaw was found in the Gin-Gonic Gin Web Framework. Affected versions of this package could allow a remote attacker to bypass security restrictions, caused by improper input validation by the filename parameter of the Context.FileAttachment function. By using a specially-crafted attachment file name, an attacker could exploit this vulnerability to modify the Content-Disposition header. | A flaw was found in the Gin-Gonic Gin Web Framework. Affected versions of this package could allow a remote attacker to bypass security restrictions caused by improper input validation by the filename parameter of the Context.FileAttachment function. An attacker can modify the Content-Disposition header by using a specially-crafted attachment file name. |
| Avinash Hanwate | 2023-07-04 05:26:39 UTC | CC | caswilli, dffrench, gzaronik, kaycoth, mkleinhe, ngough, psegedy, rgodfrey, tcarlin, tkasparek, tsasak | |
| CC | crarobin, jmadigan, pamccart | |||
| Depends On | 2219507 | |||
| Red Hat Bugzilla | 2023-07-07 08:32:42 UTC | Assignee | security-response-team | nobody |
| errata-xmlrpc | 2023-07-27 01:14:06 UTC | Link ID | Red Hat Product Errata RHSA-2023:4293 | |
| Product Security DevOps Team | 2023-07-27 06:18:14 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2023-07-27 06:18:14 UTC |
Back to bug 2216957