Gofiber Fiber

7 matches found

CVE
added 2023/09/08 7:15 p.m. | 2484 views

CVE-2023-41338

Fiber is an Express-inspired web framework built in the Go language. Versions of gofiber prior to 2.49.2 did not properly restrict access to localhost. This issue impacts users of our project who rely on the ctx.IsFromLocal method to restrict access to localhost requests. If exploited, it could all...

CVSS 5.3 | AI score 5.1 | EPSS 0.00334

CVE
added 2025/05/22 6:15 p.m. | 107 views

CVE-2025-48075

Fiber is an Express-inspired web framework written in Go. Starting in version 2.52.6 and prior to version 2.52.7, fiber.Ctx.BodyParser can map flat data to nested slices using key[idx]value syntax, but when idx is negative, it causes a panic instead of returning an error stating it cannot process t...

CVSS 8.7 | AI score 6.5 | EPSS 0.00077

CVE
added 2024/02/21 9:15 p.m. | 88 views

CVE-2024-25124

Fiber is a web framework written in Go. Prior to version 2.52.1, the CORS middleware allows for insecure configurations that could potentially expose the application to multiple CORS-related vulnerabilities. Specifically, it allows setting the Access-Control-Allow-Origin header to a wildcard (*) wh...

CVSS 9.8 | AI score 9.2 | EPSS 0.00387

CVE
added 2023/10/16 9:15 p.m. | 77 views

CVE-2023-45128

Fiber is an Express-inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to inject arbitrary values and forge malicious requests on behalf of a user. This vulnerability can allow an attacker to injec...

CVSS 10 | AI score 9.4 | EPSS 0.00072

CVE
added 2020/07/20 6:15 p.m. | 60 views

CVE-2020-15111

In Fiber before version 1.12.6, the filename that is given in c.Attachment() (https://docs.gofiber.io/ctx#attachment) is not escaped, and therefore vulnerable to a CRLF injection attack. I.e. an attacker could upload a custom filename and then give the link to the victim. With this filename, the a...

CVSS 5.8 | AI score 4.9 | EPSS 0.0024

CVE
added 2024/07/01 7:15 p.m. | 60 views

CVE-2024-38513

Fiber is an Express-inspired web framework written in Go. A vulnerability present in versions prior to 2.52.5 is a session middleware issue in GoFiber versions 2 and above. This vulnerability allows users to supply their own session_id value, resulting in the creation of a session with that key. If ...

CVSS 10 | AI score 9.4 | EPSS 0.00339

CVE
added 2023/10/16 9:15 p.m. | 59 views

CVE-2023-45141

Fiber is an Express-inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to obtain tokens and forge malicious requests on behalf of a user. This can lead to unauthorized actions being taken on the us...

CVSS 8.8 | AI score 8.8 | EPSS 0.00101