24 matches found
EUVD-2022-1419
Malicious code in bioql PyPI...
Password Spray Attacks Taking Advantage of Lax MFA
In the first quarter of 2025, Rapid7’s Managed Threat Hunting team observed a significant volume of brute-force password attempts leveraging FastHTTP, a high-performance HTTP server and client library for Go, to automate unauthorized logins via HTTP requests. This rapid volume of credential...
Malicious code in fasthttp-globalscraper (PyPI)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-5131 Malicious code in fasthttp-globalscraper (PyPI)
--- -= Per source details. Do not edit below this line.=-...
Fedora: Security Advisory for golang-github-valyala-fasthttp (FEDORA-2022-37aef44d1e)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
[SECURITY] Fedora 36 Update: golang-github-valyala-fasthttp-1.29.0-4.fc36
Fast HTTP package for Go. Tuned for high performance. Zero memory allocations in hot paths. Up to 10x faster than net/http...
GO-2022-0355 Path traversal in github.com/valyala/fasthttp
The fasthttp.FS request handler is vulnerable to directory traversal attacks on Windows systems, and can serve files from outside the provided root directory. URL path normalization does not handle Windows path separators (backslashes), permitting an attacker to construct requests with relative pat...
Fedora: Security Advisory for golang-github-valyala-fasthttp (FEDORA-2022-3969b64d4b)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 35 Update: golang-github-valyala-fasthttp-1.19.0-4.fc35
Fast HTTP package for Go. Tuned for high performance. Zero memory allocations in hot paths. Up to 10x faster than net/http...
Fedora: Security Advisory for golang-github-valyala-fasthttp (FEDORA-2022-fae3ecee19)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 36 Update: golang-github-valyala-fasthttp-1.29.0-3.fc36
Fast HTTP package for Go. Tuned for high performance. Zero memory allocations in hot paths. Up to 10x faster than net/http...
Directory Traversal
github.com/valyala/fasthttp is vulnerable to directory traversal. Improper sanitization in the ServeFile function can be exploited by using a backslash (%5c) character in the path, resulting in a directory traversal vulnerability...
Path traversal in github.com/valyala/fasthttp
The package github.com/valyala/fasthttp before 1.34.0 is vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. It can be exploited by using a backslash (%5c) character in the path. Note: This security issue impacts Windows users only...
CVE-2022-21221
The package github.com/valyala/fasthttp before 1.34.0 is vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. It can be exploited by using a backslash (%5c) character in the path. Note: This security issue impacts Windows users only...
Directory traversal
The package github.com/valyala/fasthttp before 1.34.0 is vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. It can be exploited by using a backslash (%5c) character in the path. Note: This security issue impacts Windows users only...
CVE-2022-21221
CVE-2022-21221 affects the Go fasthttp package (github.com/valyala/fasthttp) prior to v1.34.0, enabling directory traversal via ServeFile when a backslash (%5c) path separator is used. The issue is noted to impact Windows systems due to path normalization differences. A patch was released in fast...
CVE-2022-21221
The package github.com/valyala/fasthttp before 1.34.0 is vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. It can be exploited by using a backslash (%5c) character in the path. Note: This security issue impacts Windows users only...
fasthttp path traversal vulnerability
fasthttp is a fast HTTP implementation for Go. A security vulnerability exists in fasthttp versions prior to 1.34.0, which stems from a lack of effective filtering and escaping in the ServeFile function, leading to directory traversal. An attacker can send the "/%5c" character to exploit this vulnerability...
Wallarm API Firewall outperforms Nginx in a production environment
Wallarm API Firewall is a free light-weighted API Firewall that protects your API endpoints in cloud-native environments with API schema validation. Wallarm API Firewall relies on a positive security model allowing calls that match a predefined API specification, while rejecting everything else...
fasthttp:fuzz_request: Crash with empty stacktrace
Detailed Report: https://oss-fuzz.com/testcase?key=5745696710590464 Project: fasthttp Fuzzing Engine: libFuzzer Fuzz Target: fuzz_request Job Type: libfuzzer_asan_fasthttp Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x00000555d7b8 Crash State: NULL Sanitizer: address (ASAN) Recommended...