github.com/gofiber/fiber vulnerabilities
3 known vulnerabilities affecting github.com/gofiber/fiber.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 2
Vulnerabilities
CVE-2024-38513 | P3 | CRITICAL | ≥ 0, < 2.52.5 | 2024-07-01
CVE-2024-38513 [CRITICAL] CWE-384 Session Middleware Token Injection Vulnerability
A security vulnerability has been identified in the Fiber session middleware where a user can supply their own session_id value, leading to the creation of a session with that key.
## Impact
The identified vulnerability is a session middleware issue in GoFiber versions 2 and above. This vulnerability allows users to supply their own session_id value, resulting in
GHSA, OSV
CVE-2023-41338 | P4 | MEDIUM | ≥ 0, ≤ 1.14.6 | 2023-09-08
CVE-2023-41338 [MEDIUM] CWE-670 Fiber unauthorized access vulnerability in `ctx.IsFromLocal()`
### Impact
This vulnerability can be categorized as a security misconfiguration. It impacts users of our project who rely on the [ctx.IsFromLocal()](https://docs.gofiber.io/api/ctx#isfromlocal) method to restrict access to localhost requests. If exploited, it could allow unauthorized access to resources intended only for localhost.
In it'
GHSA, OSV
CVE-2020-15111 | P4 | MEDIUM | ≥ 0, < 1.12.6 | 2021-06-29
CVE-2020-15111 [MEDIUM] CWE-74 CRLF vulnerability in Fiber
### Impact
The filename that is given in [c.Attachment()](https://docs.gofiber.io/ctx#attachment) is not escaped and is therefore vulnerable to a CRLF injection attack. For example, an attacker could upload a custom filename and then give the link to the victim. With this filename, the attacker can change the name of the downloaded file, redirect to another site, change the authorization header, etc.
### Steps to rep
GHSA, OSV