VYPR

Go modules package

github.com/gofiber/fiber

pkg:golang/github.com/gofiber/fiber

Vulnerabilities (3)

  • CVE-2024-38513Jul 1, 2024
    affected < 2.52.5fixed 2.52.5

    Fiber is an Express-inspired web framework written in Go A vulnerability present in versions prior to 2.52.5 is a session middleware issue in GoFiber versions 2 and above. This vulnerability allows users to supply their own session_id value, resulting in the creation of a session

  • CVE-2023-41338Sep 8, 2023
    affected <= 1.14.6

    Fiber is an Express inspired web framework built in the go language. Versions of gofiber prior to 2.49.2 did not properly restrict access to localhost. This issue impacts users of our project who rely on the `ctx.IsFromLocal` method to restrict access to localhost requests. If ex

  • CVE-2020-15111Jul 20, 2020
    affected < 1.12.6fixed 1.12.6

    In Fiber before version 1.12.6, the filename that is given in c.Attachment() (https://docs.gofiber.io/ctx#attachment) is not escaped, and therefore vulnerable for a CRLF injection attack. I.e. an attacker could upload a custom filename and then give the link to the victim. With t