
Fenny

#44645 of 53,624
5.8 Total CVSS
Vulnerabilities · 1
PT-2020-14193
5.8
2020-07-20
Fiber · Fiber · CVE-2020-15111
**Name of the Vulnerable Software and Affected Versions**

Fiber versions prior to 1.12.6

**Description**

The issue arises from improper input sanitization in the `c.Attachment()` function, allowing a maliciously constructed filename to inject additional headers into an HTTP response. This can lead to a CRLF injection attack, where an attacker could upload a custom filename, change the name of the downloaded file, redirect to another site, or change the authorization header.

**Recommendations**

For versions prior to 1.12.6, a possible workaround is to serialize the input before passing it to `ctx.Attachment()`. This issue has been patched in version 1.12.6, so updating to this version or later will resolve the issue.
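
The following is an added example, not Fiber's code or its patch: it contrasts a `Content-Disposition` value built from an unsanitized filename with one built after stripping control characters, which is one way to clean the input before it reaches `ctx.Attachment()`. The function names `unsafeDisposition`, `safeDisposition` and `wireHeaders`, the fallback name `download` and the sample filename are assumptions made for illustration; only the Go standard library is used.

```go
package main

import (
	"fmt"
	"strings"
)

// unsafeDisposition mirrors the pattern the advisory describes: the filename
// is placed in the header value without any sanitization.
func unsafeDisposition(filename string) string {
	return `attachment; filename="` + filename + `"`
}

// safeDisposition drops control characters (CR and LF included) and the
// characters that would end the quoted string before building the value.
func safeDisposition(filename string) string {
	clean := strings.Map(func(r rune) rune {
		if r < 0x20 || r == 0x7f || r == '"' || r == '\\' {
			return -1 // remove the rune
		}
		return r
	}, filename)
	if clean == "" {
		clean = "download" // hypothetical fallback when nothing survives
	}
	return `attachment; filename="` + clean + `"`
}

// wireHeaders returns the CRLF-separated header lines a client would parse
// if value were written verbatim after "Content-Disposition: ".
func wireHeaders(value string) []string {
	raw := "Content-Disposition: " + value + "\r\n"
	return strings.Split(strings.TrimSuffix(raw, "\r\n"), "\r\n")
}

func main() {
	// Constructed input: a filename carrying a CRLF and a second header.
	name := "report.pdf\r\nX-Injected: 1"
	fmt.Printf("unsafe: %q\n", wireHeaders(unsafeDisposition(name)))
	fmt.Printf("safe:   %q\n", wireHeaders(safeDisposition(name)))
}
```

The unsanitized value yields two header lines on the wire, while the sanitized one stays a single `Content-Disposition` header.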