Количество 2
Количество 2
CVE-2025-48075
Fiber is an Express-inspired web framework written in Go. Starting in version 2.52.6 and prior to version 2.52.7, `fiber.Ctx.BodyParser` can map flat data to nested slices using `key[idx]value` syntax, but when idx is negative, it causes a panic instead of returning an error stating it cannot process the data. Since this data is user-provided, this could lead to denial of service for anyone relying on this `fiber.Ctx.BodyParser` functionality. Version 2.52.7 fixes the issue.
GHSA-hg3g-gphw-5hhm
Fiber panics when fiber.Ctx.BodyParser parses invalid range index
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-48075 Fiber is an Express-inspired web framework written in Go. Starting in version 2.52.6 and prior to version 2.52.7, `fiber.Ctx.BodyParser` can map flat data to nested slices using `key[idx]value` syntax, but when idx is negative, it causes a panic instead of returning an error stating it cannot process the data. Since this data is user-provided, this could lead to denial of service for anyone relying on this `fiber.Ctx.BodyParser` functionality. Version 2.52.7 fixes the issue. | CVSS3: 7.5 | 0% Низкий | 9 месяцев назад |
| GHSA-hg3g-gphw-5hhm Fiber panics when fiber.Ctx.BodyParser parses invalid range index | 0% Низкий | 9 месяцев назад |
Уязвимостей на страницу