CVE-2023-40586

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Due to the misuse of log.Fatalf, the application using coraza crashed after receiving crafted requests from attackers. The application will immediately crash after receiving a malicious request that triggers an...

CVE-2023-40586 go package github.com/corazawaf/coraza is vulnerable to denial of service

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Due to the misuse of log.Fatalf, the application using coraza crashed after receiving crafted requests from attackers. The application will immediately crash after receiving a malicious request that triggers an...

CVE-2023-40586

CVE-2023-40586 affects OWASP Coraza WAF (Go) where misuse of log.Fatalf in the multipart body processing leads to immediate crash when a crafted request triggers an error in mime.ParseMediaType. Patch is available in version 3.0.1; remediation is to upgrade to 3.0.1+ (or apply fix). The Red Hat/V...

CVE-2023-40586 go package github.com/corazawaf/coraza is vulnerable to denial of service

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Due to the misuse of log.Fatalf, the application using coraza crashed after receiving crafted requests from attackers. The application will immediately crash after receiving a malicious request that triggers an...