Fiber insecurely fallsback in utils.UUIDv4() / utils.UUID() — predictable / zero‑UUID on crypto/rand failure

Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by the Fiber v2 UUID functions, application code may unknowingly rely on predictable, repeated, or low-entropy identifiers in security-critical pathways. This is especially impactful because many Fiber v2 middleware components (session middleware, CSRF, rate limiting, request-ID generation, etc.) default to using utils.UUIDv4(). This vulnerability is fixed in 2.52.11.

N/A

使用具有密码学弱点缺陷的PRNG

Fiber 安全特征问题漏洞

Fiber是Fiber开源的一款使用Go语言编写的开源Web框架。 Fiber 2.52.11之前版本存在安全特征问题漏洞，该漏洞源于UUID函数未返回错误，可能导致在安全关键路径中使用可预测或低熵标识符。

N/A

N/A