What is CVE-2024-38513?

CVE-2024-38513 is a critical-severity vulnerability in Gofiber Fiber, classified under Session Fixation. CVSS score: 10.0/10. Published 2024-07-01.

How severe is CVE-2024-38513?

Critical severity. CVSS v3 base score is 10.0 out of 10.

Vulnerability in Gofiber Fiber

CVE-2024-38513

Fiber is an Express-inspired web framework written in Go A vulnerability present in versions prior to 2.52.5 is a session middleware issue in GoFiber versions 2 and above. This vulnerability allows users to supply their own session_id valu…

EPSS: 0.003 (56.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

Affected products

Gofiber Fiber — versions < 2.52.5

Weakness classification (CWE)

CWE-384 — Session Fixation

References

https://github.com/gofiber/fiber/security/advisories/GHSA-98j2-3j3p-fw2v (x_refsource_CONFIRM)
https://github.com/gofiber/fiber/commit/66a881441b27322a331f1b526cf1eb6b3358a4d8 (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-38513?: CVE-2024-38513 is a critical-severity vulnerability in Gofiber Fiber, classified under Session Fixation. CVSS score: 10.0/10. Published 2024-07-01.
How severe is CVE-2024-38513?: Critical severity. CVSS v3 base score is 10.0 out of 10.