Open slievrly opened 11 months ago
RoBot detected the issue body's language is not English, translate it automatically.
Title: security: dependency security vulnerability
Is it enough to upgrade the corresponding dependencies to versions 0.7.0 and 1.9.1 or above and adapt the corresponding code?
golang.org/x/net
github.com/gin-gonic/gin
If the FileAttachment function is called with names provided by an untrusted source, this may permit an attacker to cause a file to be served with a name different than provided. A maliciously crafted attachment file name can modify the Content-Disposition header.
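The header problem described above, as an added example that is not part of the original issue and is not gin's own code: it compares a Content-Disposition value built by plain concatenation with one built by Go's standard `mime.FormatMediaType`, then parses both back to see which file name a client would recover. The helper names and sample file names are constructed for illustration.

```go
package main

import (
	"fmt"
	"mime"
)

// naiveDisposition builds the header by plain string concatenation, so a
// double quote inside name ends the quoted value early.
func naiveDisposition(name string) string {
	return `attachment; filename="` + name + `"`
}

// safeDisposition lets the standard library quote the value, or
// RFC 2231-encode it when it contains control or non-ASCII characters.
func safeDisposition(name string) string {
	return mime.FormatMediaType("attachment", map[string]string{"filename": name})
}

// parsedFilename returns the filename parameter a header parser recovers.
func parsedFilename(header string) (string, error) {
	_, params, err := mime.ParseMediaType(header)
	if err != nil {
		return "", err
	}
	return params["filename"], nil
}

func main() {
	// Constructed sample names, not taken from the issue.
	names := []string{"report.pdf", `report.pdf"; x="y`, "line\r\nbreak.txt"}
	for _, n := range names {
		for _, h := range []string{naiveDisposition(n), safeDisposition(n)} {
			got, err := parsedFilename(h)
			// same=false means the served name differs from the one provided.
			fmt.Printf("%q -> %q parsed=%q err=%v same=%t\n", n, h, got, err, got == n)
		}
	}
}
```

The same round-trip comparison works as a regression test after the dependency upgrade: pass names through the handler and assert that the parsed `filename` equals the input.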