CVSS3: 10 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | CHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | LOW |

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

EPSS: 0.001 Low (Percentile: 26.2%)

github.com/gofiber/fiber is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper validation and enforcement of CSRF tokens within the application. An attacker is able to exploit this vulnerability by tricking a user into clicking on a malicious link or by sending a specially crafted email. Once the victim clicks on the malicious link or opens the malicious email, the attacker could send a specially crafted HTTP request to the victim’s Fiber application. Once the vulnerability is exploited, the attacker could take control of the user’s account and steal data, or disrupt service.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/gofiber/fiber | le | v2.49.2 | |