Go modules package
github.com/corazawaf/coraza/v3
pkg:golang/github.com/corazawaf/coraza/v3
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-29914 | Med | 5.4 | < 3.3.3 | 3.3.3 | Mar 20, 2025 | OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Prior to 3.3.3, if a request is made on an URI starting with //, coraza will set a wrong value in REQUEST_FILENAME. For example, if the URI //bar/uploads/foo.php?a=b is passed to coraza: , REQUE | |
| CVE-2023-40586 | — | >= 3.0.0, < 3.0.1 | 3.0.1 | Aug 25, 2023 | OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Due to the misuse of `log.Fatalf`, the application using coraza crashed after receiving crafted requests from attackers. The application will immediately crash after receiving a malicious reques |
- affected < 3.3.3fixed 3.3.3
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Prior to 3.3.3, if a request is made on an URI starting with //, coraza will set a wrong value in REQUEST_FILENAME. For example, if the URI //bar/uploads/foo.php?a=b is passed to coraza: , REQUE
- CVE-2023-40586Aug 25, 2023affected >= 3.0.0, < 3.0.1fixed 3.0.1
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Due to the misuse of `log.Fatalf`, the application using coraza crashed after receiving crafted requests from attackers. The application will immediately crash after receiving a malicious reques