VYPR

Go modules package

github.com/corazawaf/coraza/v3

pkg:golang/github.com/corazawaf/coraza/v3

Vulnerabilities (2)

  • CVE-2025-29914MedMar 20, 2025
    affected < 3.3.3fixed 3.3.3

    OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Prior to 3.3.3, if a request is made on an URI starting with //, coraza will set a wrong value in REQUEST_FILENAME. For example, if the URI //bar/uploads/foo.php?a=b is passed to coraza: , REQUE

  • CVE-2023-40586Aug 25, 2023
    affected >= 3.0.0, < 3.0.1fixed 3.0.1

    OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Due to the misuse of `log.Fatalf`, the application using coraza crashed after receiving crafted requests from attackers. The application will immediately crash after receiving a malicious reques