CVE-2023-26047 teler-waf contains detection rule bypass via entities payload

teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version v0.2.0 is vulnerable to a bypass attack when a specific case-sensitive hex entities payload with special characters such as CR/LF and horizontal tab is used...

PT-2023-20449 · Teler-Waf · Teler-Waf

Name of the Vulnerable Software and Affected Versions: teler-waf versions prior to 0.2.0 Description: teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. The issue allows an attacker to execute arbitrary JavaScript code on the victim's...