CVE-2023-29401

Improper handling of filenames in Content-Disposition HTTP header in github.com/gin-gonic/gin

Severity Score

4.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

NVD
RedHat

The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of "setup.bat";x=.txt" will be sent as a file named "setup.bat". If the FileAttachment function is called with names provided by an untrusted source, this may permit an attacker to cause a file to be served with a name different than provided. Maliciously crafted attachment file name can modify the Content-Disposition header.

A flaw was found in the Gin-Gonic Gin Web Framework. Affected versions of this package could allow a remote attacker to bypass security restrictions caused by improper input validation by the filename parameter of the Context.FileAttachment function. An attacker can modify the Content-Disposition header by using a specially-crafted attachment file name.

*Credits: motoyasu-saburi

CVSS Scores

NISTv3.1 4.3

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-04-05 CVE Reserved
2023-06-08 CVE Published
2024-07-10 EPSS Updated
2024-08-02 CVE Updated
2024-08-02 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-494: Download of Code Without Integrity Check

CAPEC

References (6)

URL	Tag	Source
https://github.com/gin-gonic/gin/releases/tag/v1.9.1	Release Notes
https://pkg.go.dev/vuln/GO-2023-1737	Third Party Advisory

URL	Date	SRC
https://github.com/gin-gonic/gin/issues/3555	2024-08-02

URL	Date	SRC
https://github.com/gin-gonic/gin/pull/3556	2023-06-16

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2023-29401	2024-10-23
https://bugzilla.redhat.com/show_bug.cgi?id=2216957	2024-10-23

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Gin-gonic Search vendor "Gin-gonic"		Gin Search vendor "Gin-gonic" for product "Gin"				>= 1.3.1-0.20190301021747-ccb9e902956d < 1.9.1 Search vendor "Gin-gonic" for product "Gin" and version " >= 1.3.1-0.20190301021747-ccb9e902956d < 1.9.1"		-		Affected