Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Fiber panics when fiber.Ctx.BodyParser parses invalid range index
Vulnerability Description
Fiber is an Express-inspired web framework written in Go. Starting in version 2.52.6 and prior to version 2.52.7, `fiber.Ctx.BodyParser` can map flat data to nested slices using `key[idx]value` syntax, but when idx is negative, it causes a panic instead of returning an error stating it cannot process the data. Since this data is user-provided, this could lead to denial of service for anyone relying on this `fiber.Ctx.BodyParser` functionality. Version 2.52.7 fixes the issue.
CVSS Information
N/A
Vulnerability Type
对数组索引的验证不恰当
Vulnerability Title
Fiber 输入验证错误漏洞
Vulnerability Description
Fiber是Fiber开源的一款使用Go语言编写的开源Web框架。 Fiber 2.52.6至2.52.7之前版本存在输入验证错误漏洞,该漏洞源于fiber.Ctx.BodyParser处理负索引时崩溃,可能导致拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A