CVE-2020-12666
unknown
CVSS v3
-
CVSS v4
-
VIR risk
-
Description
Open redirect in gopkg.in/macaron.v1
Predictions
Exploit likelihood
30%
Patch ETA
-
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Go | gopkg.in/macaron.v1 | <1.3.7 | 1.3.7 |
References
- https://nvd.nist.gov/vuln/detail/CVE-2020-12666
- https://github.com/go-macaron/macaron/issues/198
- https://github.com/go-macaron/macaron/issues/198#issuecomment-622885959
- https://github.com/go-macaron/macaron/pull/199
- https://github.com/go-macaron/macaron/pull/199/commits/6bd9385542f7133467ab7d09a5f28f7d5dc52af7
- https://github.com/go-macaron/macaron/commit/addc7461c3a90a040e79aa75bfd245107a210245
- https://github.com/go-macaron/macaron
- https://github.com/go-macaron/macaron/releases/tag/v1.3.7
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QEUOHRC4EN4WZ66EVFML2UCV7ZQ63XZ
- https://pkg.go.dev/vuln/GO-2020-0039