go package github.com/corazawaf/coraza is vulnerable to denial of service

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Due to the misuse of `log.Fatalf`, the application using coraza crashed after receiving crafted requests from attackers. The application will immediately crash after receiving a malicious request that triggers an error in `mime.ParseMediaType`. This issue was patched in version 3.0.1.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

未加控制的资源消耗(资源穷尽)

OWASP Coraza WAF 资源管理错误漏洞

OWASP Coraza WAF是Coraza开源的一个 golang modsecurity 兼容的 Web 应用程序防火墙库。 OWASP Coraza WAF 3.0.0版本存在资源管理错误漏洞，该漏洞源于滥用log.Fatalf，导致使用coraza的应用程序在收到攻击者精心设计的请求后崩溃。

N/A

N/A