
13 matches found

OSV
added 2026/02/26 4:27 p.m., 3 views

GO-2026-4534 Fiber is Vulnerable to Denial of Service via Flash Cookie Unbounded Allocation in github.com/gofiber/fiber/v3

Fiber is Vulnerable to Denial of Service via Flash Cookie Unbounded Allocation in github.com/gofiber/fiber/v3...

CVSS 7.5, AI score 5.4, EPSS 0.00132
Exploits: 1, References: 2

RedhatCVE
added 2026/02/25 10:17 p.m., 2 views

CVE-2026-25899

Fiber is an Express inspired web framework written in Go. In versions on the v3 branch prior to 3.1.0, the use of the fiberflash cookie can force an unbounded allocation on any server. A crafted 10-character cookie value triggers an attempt to allocate up to 85GB of memory via unvalidated msgpack...

CVSS 7.5, AI score 5.3, EPSS 0.00132
Exploits: 1, References: 1

NVD
added 2026/02/24 10:16 p.m., 4 views

CVE-2026-25899

Fiber is an Express inspired web framework written in Go. In versions on the v3 branch prior to 3.1.0, the use of the fiberflash cookie can force an unbounded allocation on any server. A crafted 10-character cookie value triggers an attempt to allocate up to 85GB of memory via unvalidated msgpack...

CVSS 7.5, EPSS 0.00132
Exploits: 1, References: 2

Cvelist
added 2026/02/24 9:11 p.m., 14 views

CVE-2026-25899 Fiber is Vulnerable to Denial of Service via Flash Cookie Unbounded Allocation

Fiber is an Express inspired web framework written in Go. In versions on the v3 branch prior to 3.1.0, the use of the fiberflash cookie can force an unbounded allocation on any server. A crafted 10-character cookie value triggers an attempt to allocate up to 85GB of memory via unvalidated msgpack...

CVSS 7.5, EPSS 0.00132
Exploits: 1, References: 2

CVE
added 2026/02/24 9:11 p.m., 7 views

CVE-2026-25899

CVE-2026-25899 affects GoFiber (Fiber) v3 branch prior to 3.1.0. The issue arises from the use of the fiber_flash cookie, which can trigger unbounded memory allocation (up to ~85 GB) via unvalidated MsgPack deserialization. A crafted 10-character cookie causes the allocation, with no authenticati...

CVSS 7.5, AI score 5.3, EPSS 0.00132
Exploits: 1, References: 2, Affected Software: 1

OSV
added 2026/02/24 9:11 p.m., 3 views

CVE-2026-25899 Fiber is Vulnerable to Denial of Service via Flash Cookie Unbounded Allocation

Fiber is an Express inspired web framework written in Go. In versions on the v3 branch prior to 3.1.0, the use of the fiberflash cookie can force an unbounded allocation on any server. A crafted 10-character cookie value triggers an attempt to allocate up to 85GB of memory via unvalidated msgpack...

CVSS 7.5, AI score 5.5, EPSS 0.00132
Exploits: 1, References: 4

Vulnrichment
added 2026/02/24 9:11 p.m., 2 views

CVE-2026-25899 Fiber is Vulnerable to Denial of Service via Flash Cookie Unbounded Allocation

Fiber is an Express inspired web framework written in Go. In versions on the v3 branch prior to 3.1.0, the use of the fiberflash cookie can force an unbounded allocation on any server. A crafted 10-character cookie value triggers an attempt to allocate up to 85GB of memory via unvalidated msgpack...

CVSS 7.5, AI score 5.3, EPSS 0.00132
Exploits: 1, References: 2

Github Security Blog
added 2026/02/24 8:57 p.m., 4 views

Fiber is Vulnerable to Denial of Service via Flash Cookie Unbounded Allocation

Summary: The use of the fiberflash cookie can force an unbounded allocation on any server. A crafted 10-character cookie value triggers an attempt to allocate up to 85GB of memory via unvalidated msgpack deserialization. No authentication is required. Every GoFiber v3 endpoint is affected regardle...

CVSS 7.5, AI score 5.8, EPSS 0.00132
Exploits: 1, References: 5, Affected Software: 1

OSV
added 2026/02/24 8:57 p.m., 4 views

GHSA-2MR3-M5Q5-WGP6 Fiber is Vulnerable to Denial of Service via Flash Cookie Unbounded Allocation

Summary: The use of the fiberflash cookie can force an unbounded allocation on any server. A crafted 10-character cookie value triggers an attempt to allocate up to 85GB of memory via unvalidated msgpack deserialization. No authentication is required. Every GoFiber v3 endpoint is affected regardle...

CVSS 7.5, AI score 5.9, EPSS 0.00132
Exploits: 1, References: 5

Positive Technologies
added 2026/02/24 12:0 a.m., 4 views

PT-2026-21803

Name of the Vulnerable Software and Affected Versions: Fiber versions prior to 3.1.0. Description: The use of the fiber flash cookie can lead to an unbounded allocation on any server. A specially crafted 10-character cookie value triggers an attempt to allocate up to 85GB of memory through unvalidat...

CVSS 9.9, AI score 5.3, EPSS 0.00733
Exploits: 44, References: 124

NVD
added 2025/08/27 5:15 p.m., 0 views

CVE-2025-57821

Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.0, it is possible to craft a malformed URL that passes the "same origin" check, resulting in the user being redirected to another origin. Rails applications configured to store the flash information in a...

CVSS 4.2, EPSS 0.00059
Exploits: 0, References: 4

seebug.org
added 2014/07/01 12:0 a.m., 18 views

Macromedia Flash Player 6.0.x Flash Cookie Predictable File Location Weakness

No description provided by source. source: http://www.securityfocus.com/bid/8900/info Macromedia Flash Player is reported to store Flash cookies .sol files in a predictable location on client systems. Other attacks are possible given the ability to store content on a system in a predictable...

AI score 7.1
Exploits: 0

securityvulns
added 2003/11/03 12:0 a.m., 26 views

Internet Explorer Vulnerability: Content-Location works with both triple and double slash

After I reported the Content-Location Vulnerability http://www.securityfocus.com/archive/1/342317, Thor Larholm explained that the html execution was not caused by the Content-Location header, but instead by the triple slash file:///. I have tested it with double slash and I even tested the tripl...

AI score 7.1
Exploits: 0