Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gofiber fiber vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2020-15111
In Fiber before version 1.12.6, the filename that is given in c.Attachment() (https://docs.gofiber.io/ctx#attachment) is not escaped, and therefore vulnerable for a CRLF injection attack. I.e. an attacker could upload a custom filename and then give the link to the victim. With t...
Gofiber Fiber
8.8
CVSSv3
CVE-2023-45128
Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an malicious user to inject arbitrary values and forge malicious requests on behalf of a user. This vulnerability can a...
Gofiber Fiber
1 Github repository
8.8
CVSSv3
CVE-2023-45141
Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an malicious user to obtain tokens and forge malicious requests on behalf of a user. This can lead to unauthorized acti...
Gofiber Fiber
1 Github repository
5.3
CVSSv3
CVE-2023-41338
Fiber is an Express inspired web framework built in the go language. Versions of gofiber before 2.49.2 did not properly restrict access to localhost. This issue impacts users of our project who rely on the `ctx.IsFromLocal` method to restrict access to localhost requests. If expl...
Gofiber Fiber
6.1
CVSSv3
CVE-2024-22199
This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execut...
Gofiber Django
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started