Fiber Security Vulnerabilities


CVE-2024-6355

A vulnerability was found in Genexis Tilgin Fiber Home Gateway HG1522 CSx000-01_09_01_12. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /status/product_info/. The manipulation of the argument product_info leads to cross site scripting......

4.3 CVSS

4.4 AI Score

0.0004 EPSS

2024-06-26 09:15 PM
17

CVE-2024-25124

Fiber is a web framework written in Go. Prior to version 2.52.1, the CORS middleware allows for insecure configurations that could potentially expose the application to multiple CORS-related vulnerabilities. Specifically, it allows setting the Access-Control-Allow-Origin header to a wildcard (*)...

9.4 CVSS

9.1 AI Score

0.0004 EPSS

2024-02-21 09:15 PM
22

CVE-2023-45141

Fiber is an Express-inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to obtain tokens and forge malicious requests on behalf of a user. This can lead to unauthorized actions being taken on the...

8.8 CVSS

8.7 AI Score

0.001 EPSS

2023-10-16 09:15 PM
22

CVE-2023-45128

Fiber is an Express-inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to inject arbitrary values and forge malicious requests on behalf of a user. This vulnerability can allow an attacker to...

10 CVSS

8.8 AI Score

0.001 EPSS

2023-10-16 09:15 PM
52

CVE-2023-41338

Fiber is an Express-inspired web framework built in the Go language. Versions of gofiber prior to 2.49.2 did not properly restrict access to localhost. This issue impacts users of our project who rely on the ctx.IsFromLocal method to restrict access to localhost requests. If exploited, it could...

5.3 CVSS

5.1 AI Score

0.001 EPSS

2023-09-08 07:15 PM
2379

CVE-2020-15111

In Fiber before version 1.12.6, the filename that is given in c.Attachment() (https://docs.gofiber.io/ctx#attachment) is not escaped, and therefore vulnerable to a CRLF injection attack. I.e. an attacker could upload a custom filename and then give the link to the victim. With this filename, the.....

5.4 CVSS

5.5 AI Score

0.001 EPSS

2020-07-20 06:15 PM
48

CVE-2004-1663

Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP...

6.8 AI Score

0.016 EPSS

2005-02-20 05:00 AM
19