Vulnerability Report: GO-2023-2052

CVE-2023-41338, GHSA-3q5p-3558-364f
Affects: github.com/gofiber/fiber/v2
Published: Sep 12, 2023
Modified: May 20, 2024

The Ctx.IsFromLocal function can incorrectly report a request as being sent from localhost when the request contains an X-Forwarded-For header containing a localhost IP address.

For detailed information about this vulnerability, visit https://github.com/gofiber/fiber/security/advisories/GHSA-3q5p-3558-364f.

Affected Packages

Path

Go Versions

Symbols
github.com/gofiber/fiber/v2

before v2.49.2-0.20230906112033-b8c9ede6efa2
- Ctx.IsFromLocal

Aliases

CVE-2023-41338
GHSA-3q5p-3558-364f

References

https://github.com/gofiber/fiber/security/advisories/GHSA-3q5p-3558-364f
https://github.com/gofiber/fiber/commit/b8c9ede6efa231116c4bd8bb9d5e03eac1cb76dc
https://vuln.go.dev/ID/GO-2023-2052.json

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL