Vulnerability Report: GO-2023-1874
- CVE-2023-40586, GHSA-c2pj-v37r-2p6h
- Affects: github.com/corazawaf/coraza/v2, github.com/corazawaf/coraza/v3
- Published: Jul 05, 2023
- Modified: Sep 11, 2023
Due to the misuse of log.Fatalf, Coraza may crash after receiving crafted requests from attackers.
For detailed information about this vulnerability, visit https://github.com/corazawaf/coraza/security/advisories/GHSA-c2pj-v37r-2p6h.
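The failure mode described above, as an added example that is not Coraza's code: `log.Fatalf` logs and then calls `os.Exit(1)`, so library code that uses it for input-dependent errors lets a single bad request terminate the whole process, and `recover()` cannot intercept it. The `X-Limit` header and all function names here are hypothetical.

```go
package main

import (
	"fmt"
	"log"
	"net/http"
	"net/http/httptest"
	"strconv"
)

// parseLimitFatal is the anti-pattern (hypothetical, never called here):
// log.Fatalf exits the process, skipping deferred functions and recover().
func parseLimitFatal(raw string) int {
	n, err := strconv.Atoi(raw)
	if err != nil {
		log.Fatalf("invalid limit %q: %v", raw, err) // process dies here
	}
	return n
}

// parseLimit is the hardened form: the error goes back to the caller,
// which decides how to answer this one request.
func parseLimit(raw string) (int, error) {
	n, err := strconv.Atoi(raw)
	if err != nil {
		return 0, fmt.Errorf("invalid limit %q: %w", raw, err)
	}
	return n, nil
}

// handler rejects the malformed request and keeps serving.
func handler(w http.ResponseWriter, r *http.Request) {
	if _, err := parseLimit(r.Header.Get("X-Limit")); err != nil {
		http.Error(w, "bad request", http.StatusBadRequest)
		return
	}
	w.WriteHeader(http.StatusOK)
}

// statusFor sends one constructed request through handler in-process.
func statusFor(headerValue string) int {
	req := httptest.NewRequest(http.MethodGet, "/", nil)
	req.Header.Set("X-Limit", headerValue)
	rec := httptest.NewRecorder()
	handler(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(statusFor("10"), statusFor("not-a-number"))
}
```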
Affected Packages
- Path: github.com/corazawaf/coraza/v2; Versions: all versions, no known fixed; Symbols: all symbols
- Path: github.com/corazawaf/coraza/v3; Versions: before v3.0.1; Symbols: all symbols
References
- https://github.com/corazawaf/coraza/security/advisories/GHSA-c2pj-v37r-2p6h
- https://github.com/corazawaf/coraza/commit/a5239ba3ce839e14d9b4f9486e1b4a403dcade8c
- https://github.com/corazawaf/coraza/releases/tag/v3.0.1
- https://vuln.go.dev/ID/GO-2023-1874.json
Credits
- rmb122