CVE-2023-45141

Published: 16/10/2023 Updated: 23/10/2023
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

Fiber is an Express-inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows a malicious user to obtain tokens and forge malicious requests on behalf of a user. This can lead to unauthorized actions being taken on the user's behalf, potentially compromising the security and integrity of the application. The vulnerability is caused by improper validation and enforcement of CSRF tokens within the application. This vulnerability has been addressed in version 2.50.0 and users are advised to upgrade. Users should take additional security measures like captchas or Two-Factor Authentication (2FA) and set Session cookies with SameSite=Lax or SameSite=Secure, and the Secure and HttpOnly attributes.

Vulnerable Product

gofiber fiber

Github Repositories

test that this fiber alert is picked up by dependabot.

What is this? This repo is a clone of gofiber/recipes/csrf-with-session with the following changes: the README.md file has been updated to reflect the changes made to the repo; the go.mod file has been updated to use a version of Fiber that has published vulnerability alerts for the CSRF middleware; a dependabot configuration file has been added to the repo to enable dependabot.