35 matches found
CVE-2024-38513
The CVE-2024-38513 issue affects the GoFiber (Fiber) session middleware in GoFiber versions prior to 2.52.5. The vulnerability allows a user to supply their own session_id value, which can cause a session to be created with that key. This can enable unauthorized access or session fixation if an a...
CVE-2024-38513 Fiber Session Middleware Token Injection Vulnerability
Fiber is an Express-inspired web framework written in Go. A vulnerability present in versions prior to 2.52.5 is a session middleware issue in GoFiber versions 2 and above. This vulnerability allows users to supply their own session_id value, resulting in the creation of a session with that key. If...
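The two entries above describe the same failure mode: a session key is taken from the client instead of being issued by the server. The following Go program is an added illustration of that pattern and its fix, not code from Fiber's session middleware; the cookie name, the in-memory store and the request helper are assumptions made for the example. The vulnerable getter persists whatever ID the cookie carries, so an attacker who plants a known ID in a victim's browser shares the session the victim later authenticates into; the fixed getter only resumes IDs the server issued, and regenerates the ID on login.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// cookieName is the cookie the session ID travels in (assumed name).
const cookieName = "session_id"

// Store is a minimal in-memory session store keyed by session ID.
type Store struct {
	sessions map[string]map[string]string
}

func NewStore() *Store { return &Store{sessions: map[string]map[string]string{}} }

// newID returns 32 random bytes, hex-encoded: unguessable and server-issued.
func newID() string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

func cookieValue(r *http.Request) string {
	if c, err := r.Cookie(cookieName); err == nil {
		return c.Value
	}
	return ""
}

// GetVulnerable models the behaviour the advisory describes: whatever value the
// client sends in the cookie becomes the session key, even if the server never
// issued it. An attacker who plants a known ID in a victim's browser (session
// fixation) then shares the session the victim authenticates into.
func (s *Store) GetVulnerable(r *http.Request) (string, map[string]string) {
	id := cookieValue(r)
	if id == "" {
		id = newID()
	}
	sess, ok := s.sessions[id]
	if !ok {
		sess = map[string]string{}
		s.sessions[id] = sess // client-chosen key is persisted as-is
	}
	return id, sess
}

// GetFixed only honours IDs the server itself issued: an unknown or
// attacker-supplied ID is discarded and a fresh random ID is generated.
func (s *Store) GetFixed(r *http.Request) (string, map[string]string) {
	if id := cookieValue(r); id != "" {
		if sess, ok := s.sessions[id]; ok {
			return id, sess
		}
	}
	id := newID()
	sess := map[string]string{}
	s.sessions[id] = sess
	return id, sess
}

// Regenerate moves a session to a new ID. Call it on login or privilege change
// so that even a server-issued ID an attacker learned before login is useless.
func (s *Store) Regenerate(oldID string) string {
	sess, ok := s.sessions[oldID]
	if !ok {
		sess = map[string]string{}
	}
	delete(s.sessions, oldID)
	id := newID()
	s.sessions[id] = sess
	return id
}

// requestWithCookie builds a constructed request carrying a session cookie.
func requestWithCookie(v string) *http.Request {
	r := httptest.NewRequest(http.MethodGet, "/", nil)
	r.AddCookie(&http.Cookie{Name: cookieName, Value: v})
	return r
}

func main() {
	const planted = "attacker-chosen-id"
	id, _ := NewStore().GetVulnerable(requestWithCookie(planted))
	fmt.Println("vulnerable store keyed the session by the client value:", id == planted)
	id, _ = NewStore().GetFixed(requestWithCookie(planted))
	fmt.Println("fixed store keyed the session by the client value:", id == planted)
}
```

Rejecting unknown IDs closes the fixation path described in the advisory; regenerating on login is the second half of the defence, because a server-issued ID that an attacker obtained before the victim logged in would otherwise still be valid afterwards.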
GO-2024-2574 Insecure CORS Configuration allowing wildcard origin with credentials in github.com/gofiber/fiber/v2
The CORS middleware allows for insecure configurations that could potentially expose the application to multiple CORS-related vulnerabilities. Specifically, it allows setting the Access-Control-Allow-Origin header to the wildcard "*" while also having Access-Control-Allow-Credentials set to true...
GO-2024-2461 Cross-site scripting in github.com/gofiber/template/django/v3
Cross-site scripting in github.com/gofiber/template/django/v3...
Cross Site Scripting (XSS)
github.com/gofiber/template is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper validation and sanitization of user input via the template engine. This issue can be exploited by an attacker injecting malicious JavaScript through the template engine, resulting in XSS...
Cross-site Scripting (XSS)
Overview github.com/gofiber/template/v2/django/v2 is a template engine created by flosch. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Views interface due to improper input validation. An attacker can execute malicious scripts in users' browsers when visitin...
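The three template entries above come down to user input reaching the page without output encoding that matches the insertion context. As an added example (not the gofiber/template or django engine's own code), the Go program below renders one constructed template twice: once with text/template, which substitutes values verbatim, and once with html/template, whose contextual auto-escaping encodes the same value differently in an element body, an href attribute and an inline script. The template, the view struct and the hostile input are all constructed for the example.

```go
package main

import (
	"bytes"
	"fmt"
	htmltpl "html/template"
	texttpl "text/template"
)

// page is a constructed template that interpolates user data in three different
// contexts: element body, href attribute, and an inline script.
const page = `<p>Hello, {{.Name}}</p><a href="{{.Link}}">profile</a><script>var who = {{.Name}};</script>`

type view struct{ Name, Link string }

// renderUnescaped substitutes the values verbatim: text/template knows nothing
// about HTML, so attacker-controlled Name and Link land in the page as-is.
func renderUnescaped(v view) (string, error) {
	t, err := texttpl.New("page").Parse(page)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, v); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// renderEscaped uses html/template, whose contextual auto-escaping picks the
// encoding per insertion point: HTML entities in the body, URL filtering in
// href (a javascript: URL becomes "#ZgotmplZ"), and a JSON string literal
// with \u003c / \u003e escapes inside <script>.
func renderEscaped(v view) (string, error) {
	t, err := htmltpl.New("page").Parse(page)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, v); err != nil {
		return "", err
	}
	return buf.String(), nil
}

func main() {
	// Constructed hostile input: a script payload and a javascript: URL.
	hostile := view{Name: `<script>alert(1)</script>`, Link: `javascript:alert(1)`}
	u, _ := renderUnescaped(hostile)
	e, _ := renderEscaped(hostile)
	fmt.Println("unescaped:", u)
	fmt.Println("escaped:  ", e)
}
```

The point for reviewing any template integration is the second renderer's behaviour: escaping has to depend on where the value lands, which is why a single "sanitize the input" pass at the controller is not a substitute for output encoding in the engine.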
GO-2023-2116 CSRF token validation vulnerability in github.com/gofiber/fiber/v2
A cross-site request forgery vulnerability can allow an attacker to obtain tokens and forge malicious requests on behalf of a user. This can lead to unauthorized actions being taken on the user's behalf, potentially compromising the security and integrity of the application. The vulnerability is...
GO-2023-2115 CSRF token reuse vulnerability in github.com/gofiber/fiber/v2
A cross-site request forgery vulnerability in this package can allow an attacker to inject arbitrary values and forge malicious requests on behalf of a user. The attacker may inject arbitrary values without any authentication, or perform various malicious actions on behalf of an authenticated use...
Cross-Site Request Forgery (CSRF)
github.com/gofiber/fiber is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is caused by improper validation and enforcement of CSRF tokens within the application. An attacker is able to trick a user into performing unauthorized actions on the application, such as changing their...
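The three CSRF entries above (GO-2023-2116, GO-2023-2115 and the generic CSRF entry) describe tokens that validate without being tied to the session that requested them, and tokens that can be reused. The Go program below is an added illustration of that distinction, not Fiber's CSRF middleware: the store, the session identifiers and the validator names are assumptions for the example. The vulnerable validator accepts any token the store has ever issued; the fixed one accepts only the token currently bound to the requesting session, compares it in constant time, and rotates it after use.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"sync"
)

var ErrBadToken = errors.New("csrf: token missing, unknown or not bound to this session")

// tokenStore keeps one CSRF token per session. Keying by session ID (not by
// token) is what makes a token usable only in the session it was issued to.
type tokenStore struct {
	mu     sync.Mutex
	bySess map[string]string // session ID -> current token
}

func newTokenStore() *tokenStore { return &tokenStore{bySess: map[string]string{}} }

func randomToken() string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// Issue mints a fresh token for the session, replacing any previous one.
func (s *tokenStore) Issue(sessionID string) string {
	tok := randomToken()
	s.mu.Lock()
	s.bySess[sessionID] = tok
	s.mu.Unlock()
	return tok
}

// ValidateVulnerable models the problem the advisories describe: any token the
// store ever issued is accepted, whichever session it belongs to. A token the
// attacker obtained for their own session therefore passes in the victim's
// session, and it keeps passing on every replay.
func (s *tokenStore) ValidateVulnerable(_ string, token string) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	for _, issued := range s.bySess {
		if issued == token {
			return nil
		}
	}
	return ErrBadToken
}

// ValidateFixed accepts a token only if it is the one currently bound to the
// requesting session, compared in constant time, and rotates it afterwards so
// a token captured from one form submission cannot be replayed.
func (s *tokenStore) ValidateFixed(sessionID, token string) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	expected, ok := s.bySess[sessionID]
	if !ok || token == "" {
		return ErrBadToken
	}
	if subtle.ConstantTimeCompare([]byte(expected), []byte(token)) != 1 {
		return ErrBadToken
	}
	s.bySess[sessionID] = randomToken() // single-use: rotate after success
	return nil
}

func main() {
	store := newTokenStore()
	attackerTok := store.Issue("sess-attacker")
	store.Issue("sess-victim")
	fmt.Println("vulnerable accepts attacker's token in victim session:", store.ValidateVulnerable("sess-victim", attackerTok) == nil)
	fmt.Println("fixed accepts attacker's token in victim session:", store.ValidateFixed("sess-victim", attackerTok) == nil)
}
```

Rotation after a successful check means the application must re-render the new token into the next form; if that is impractical, keep the per-session binding and constant-time comparison and drop only the rotation line, since binding is what stops the cross-session reuse the advisories describe.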
CVE-2023-41338 Vulnerability in Ctx.IsFromLocal() in gofiber
Fiber is an Express-inspired web framework built in the Go language. Versions of gofiber prior to 2.49.2 did not properly restrict access to localhost. This issue impacts users of our project who rely on the ctx.IsFromLocal method to restrict access to localhost requests. If exploited, it could...
PT-2023-27914 · Gofiber · Gofiber
Name of the Vulnerable Software and Affected Versions: gofiber versions prior to 2.49.2 Description: The issue impacts users who rely on the ctx.IsFromLocal method to restrict access to localhost requests. If exploited, it could allow unauthorized access to resources intended only for localhost...
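The CVE-2023-41338 entries above say only that the localhost check could be bypassed, not how. The Go program below is an added illustration, not Fiber's ctx.IsFromLocal, and it assumes one common way such checks fail: trusting a client-settable header such as X-Forwarded-For ahead of the socket's peer address. The helper names and the request builder are constructed for the example. The fixed check uses only the TCP peer, and handles both IPv4 127.0.0.0/8 and IPv6 ::1 through net.IP.IsLoopback.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

// isLoopback reports whether host parses as a loopback address
// (127.0.0.0/8 or ::1). Bracketed IPv6 literals are handled by peerHost.
func isLoopback(host string) bool {
	ip := net.ParseIP(strings.TrimSpace(host))
	return ip != nil && ip.IsLoopback()
}

// peerHost extracts the address of the TCP peer from RemoteAddr ("host:port").
func peerHost(r *http.Request) string {
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		return r.RemoteAddr
	}
	return host
}

// isFromLocalVulnerable is an assumed failure mode (not the project's code):
// it prefers the first X-Forwarded-For entry, which any remote client can set,
// and only falls back to the socket peer when the header is absent.
func isFromLocalVulnerable(r *http.Request) bool {
	if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
		return isLoopback(strings.Split(xff, ",")[0])
	}
	return isLoopback(peerHost(r))
}

// isFromLocalFixed decides solely from the connection's peer address, which a
// remote client cannot forge.
func isFromLocalFixed(r *http.Request) bool {
	return isLoopback(peerHost(r))
}

// req builds a constructed request with the given peer address and optional
// X-Forwarded-For header.
func req(remoteAddr, xff string) *http.Request {
	r := httptest.NewRequest(http.MethodGet, "/admin", nil)
	r.RemoteAddr = remoteAddr
	if xff != "" {
		r.Header.Set("X-Forwarded-For", xff)
	}
	return r
}

func main() {
	spoofed := req("203.0.113.7:51234", "127.0.0.1")
	fmt.Println("vulnerable check with spoofed header:", isFromLocalVulnerable(spoofed))
	fmt.Println("fixed check with spoofed header:", isFromLocalFixed(spoofed))
	fmt.Println("fixed check from [::1]:", isFromLocalFixed(req("[::1]:40000", "")))
}
```

One caveat when applying this: behind a reverse proxy the peer is always the proxy, so the fixed check then means "from the proxy", not "from the host". In that deployment the right fix is an explicit trusted-proxy list and reading the forwarded address only when the peer is on it, never a blanket trust of the header.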
GHSA-927H-X4QJ-R242 github.com/gofiber/fiber/v2 vulnerable to Origin Validation Error
The Olivier Poitrey Go CORS handler through 1.3.0 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems...
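The GO-2024-2574 entry above is about a wildcard origin combined with credentials; the entry just above is about a wildcard being rewritten into reflection of the request's Origin header. Both produce the same effect, a credentialed cross-origin read from any site, and the Go program below is an added illustration of both, not Fiber's CORS middleware or the rs/cors handler: the Config type, the header builders and the middleware wrapper are assumptions for the example. Validate is the startup check that rejects the first misconfiguration; headersVulnerable reproduces the reflection behaviour; headersFixed emits the wildcard literally, never attaches credentials to it, and echoes a concrete origin only from an allowlist.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Config holds the two settings the advisories above are concerned with.
type Config struct {
	AllowOrigins     []string // "*" or an explicit list of origins
	AllowCredentials bool
}

var ErrWildcardWithCredentials = errors.New(`cors: AllowOrigins "*" cannot be combined with AllowCredentials=true`)

// Validate rejects a wildcard origin together with credentials before serving.
func (c Config) Validate() error {
	if !c.AllowCredentials {
		return nil
	}
	for _, o := range c.AllowOrigins {
		if o == "*" {
			return ErrWildcardWithCredentials
		}
	}
	return nil
}

// headersVulnerable models the reflection problem: a wildcard policy echoes
// whatever Origin the request carried. Combined with credentials, any site can
// make authenticated requests and read the responses.
func headersVulnerable(c Config, origin string) map[string]string {
	h := map[string]string{}
	for _, o := range c.AllowOrigins {
		if o == "*" || o == origin {
			h["Access-Control-Allow-Origin"] = origin // reflection
			h["Vary"] = "Origin"
			if c.AllowCredentials {
				h["Access-Control-Allow-Credentials"] = "true"
			}
			break
		}
	}
	return h
}

// headersFixed emits a wildcard literally (browsers then refuse to expose
// credentialed responses) and echoes a concrete origin only when it is on the
// allowlist, adding Vary so caches do not serve one origin's answer to another.
func headersFixed(c Config, origin string) map[string]string {
	h := map[string]string{}
	for _, o := range c.AllowOrigins {
		if o == "*" {
			h["Access-Control-Allow-Origin"] = "*"
			return h // never attach credentials to a wildcard response
		}
		if origin != "" && o == origin {
			h["Access-Control-Allow-Origin"] = origin
			h["Vary"] = "Origin"
			if c.AllowCredentials {
				h["Access-Control-Allow-Credentials"] = "true"
			}
			return h
		}
	}
	return h
}

// Middleware applies headersFixed and short-circuits preflight requests.
func Middleware(c Config, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		for k, v := range headersFixed(c, r.Header.Get("Origin")) {
			w.Header().Set(k, v)
		}
		if r.Method == http.MethodOptions && r.Header.Get("Access-Control-Request-Method") != "" {
			w.WriteHeader(http.StatusNoContent)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	bad := Config{AllowOrigins: []string{"*"}, AllowCredentials: true}
	fmt.Println("validate:", bad.Validate())
	fmt.Println("vulnerable:", headersVulnerable(bad, "https://evil.example"))
	fmt.Println("fixed:", headersFixed(bad, "https://evil.example"))

	good := Config{AllowOrigins: []string{"https://app.example"}, AllowCredentials: true}
	rec := httptest.NewRecorder()
	r := httptest.NewRequest(http.MethodGet, "/api", nil)
	r.Header.Set("Origin", "https://evil.example") // constructed cross-site request
	Middleware(good, http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })).ServeHTTP(rec, r)
	fmt.Println("evil.example gets no Allow-Origin:", rec.Header().Get("Access-Control-Allow-Origin") == "")
}
```

The check worth keeping from this is Validate: a wildcard plus credentials is never a valid production configuration, and failing at startup is cheaper than discovering it from a cross-origin data leak.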