What is CVE-2023-41338?

CVE-2023-41338 is a medium-severity vulnerability in Gofiber Fiber, classified under Always-Incorrect Control Flow Implementation. CVSS score: 5.3/10. Published 2023-09-08.

How severe is CVE-2023-41338?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Vulnerability in Gofiber Fiber

CVE-2023-41338

Fiber is an Express inspired web framework built in the go language. Versions of gofiber prior to 2.49.2 did not properly restrict access to localhost. This issue impacts users of our project who rely on the `ctx.IsFromLocal` method to res…

EPSS: 0.003 (55.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Gofiber Fiber — versions < 2.49.2

Weakness classification (CWE)

CWE-670 — Always-Incorrect Control Flow Implementation

References

https://github.com/gofiber/fiber/security/advisories/GHSA-3q5p-3558-364f (x_refsource_CONFIRM)
https://github.com/gofiber/fiber/commit/b8c9ede6efa231116c4bd8bb9d5e03eac1cb76dc (x_refsource_MISC)
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For (x_refsource_MISC)
https://docs.gofiber.io/api/ctx#isfromlocal (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-41338?: CVE-2023-41338 is a medium-severity vulnerability in Gofiber Fiber, classified under Always-Incorrect Control Flow Implementation. CVSS score: 5.3/10. Published 2023-09-08.
How severe is CVE-2023-41338?: Medium severity. CVSS v3 base score is 5.3 out of 10.