Fiber vulnerable to XSS in AutoFormat Content Negotiation

Summary Description A Cross-Site Scripting CWE-79 vulnerability in Go Fiber allows a remote attacker to inject arbitrary HTML/JavaScript by supplying Accept: text/html on any request whose handler passes attacker-influenced data to the AutoFormat feature. This affects github.com/gofiber/fiber/v3...

GHSA-68RR-P4FP-J59V Fiber has an insecure fallback in utils.UUIDv4() / utils.UUID() — predictable / zero‑UUID on crypto/rand failure

Fiber v2 contains an internal vendored copy of gofiber/utils, and its functions UUIDv4 and UUID inherit the same critical weakness described in the upstream advisory. On Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtaine...

Fiber has an insecure fallback in utils.UUIDv4() / utils.UUID() — predictable / zero‑UUID on crypto/rand failure

Fiber v2 contains an internal vendored copy of gofiber/utils, and its functions UUIDv4 and UUID inherit the same critical weakness described in the upstream advisory. On Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtaine...

PT-2026-7122

Name of the Vulnerable Software and Affected Versions Fiber versions prior to 2.52.11 Fiber versions prior to 2.52.11 running on Go versions prior to 1.24 Description The Fiber framework, an Express-inspired web framework written in Go, is susceptible to generating predictable identifiers when...