{"id":"GO-2020-0039","summary":"Open redirect in gopkg.in/macaron.v1","details":"Due to improper request sanitization, a specifically crafted URL can cause the static file handler to redirect to an attacker chosen URL, allowing for open redirect attacks.","aliases":["CVE-2020-12666","GHSA-733f-44f3-3frw"],"modified":"2026-03-17T04:03:55.676263Z","published":"2021-04-14T20:04:52Z","database_specific":{"url":"https://pkg.go.dev/vuln/GO-2020-0039","review_status":"REVIEWED"},"references":[{"type":"FIX","url":"https://github.com/go-macaron/macaron/pull/199"},{"type":"FIX","url":"https://github.com/go-macaron/macaron/commit/addc7461c3a90a040e79aa75bfd245107a210245"},{"type":"WEB","url":"https://github.com/go-macaron/macaron/issues/198"}],"affected":[{"package":{"name":"gopkg.in/macaron.v1","ecosystem":"Go","purl":"pkg:golang/gopkg.in/macaron.v1"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.3.7"}]}],"ecosystem_specific":{"imports":[{"path":"gopkg.in/macaron.v1","symbols":["Context.Next","LoggerInvoker.Invoke","Macaron.Run","Macaron.ServeHTTP","Router.ServeHTTP","staticHandler"]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2020-0039.json"}}],"schema_version":"1.7.5","credits":[{"name":"@ev0A"}]}