Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Vulnerability in Ctx.IsFromLocal() in gofiber
Vulnerability Description
Fiber is an Express inspired web framework built in the go language. Versions of gofiber prior to 2.49.2 did not properly restrict access to localhost. This issue impacts users of our project who rely on the `ctx.IsFromLocal` method to restrict access to localhost requests. If exploited, it could allow unauthorized access to resources intended only for localhost. Setting `X-Forwarded-For: 127.0.0.1` in a request from a foreign host, will result in true for `ctx.IsFromLocal`. Access is limited to the scope of the affected process. This issue has been patched in version `2.49.2` with commit `b8c9ede6`. Users are advised to upgrade. There are no known workarounds to remediate this vulnerability without upgrading to the patched version.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
控制流实现总是不正确
Vulnerability Title
Fiber 安全漏洞
Vulnerability Description
Fiber是一款使用Go语言编写的开源Web框架。 Fiber 2.49.1之前版本存在安全漏洞,该漏洞源于没有正确限制对localhost的访问,导致未经授权的攻击者可以访问仅供给本地主机使用的资源。
CVSS Information
N/A
Vulnerability Type
N/A