Fiber Product Security Update Advisory (CVE-2024-38513)
Overview
An update has been made available to address a vulnerability in Fiber products. Users of affected versions are advised to update to the latest version.
Affected Products
GoFiber session middleware: all versions up to and including 2.52.4
Resolved Vulnerabilities
Security vulnerability in the Fiber session middleware where a client could supply its own session_id value and have a session created under that key instead of a server-generated one (CVE-2024-38513)
Vulnerability Patches
Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest version.
GoFiber session middleware version: 2.52.5
For users who are unable to upgrade immediately, the following workarounds can be applied to reduce risk:
- Session ID validation: verify that every session ID presented by a client was generated by the server, and discard any ID the client supplied itself rather than creating a session under it.
- Session management: regularly rotate session IDs and enforce strict session expiration policies.
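As an added illustration of the first workaround (example code written for this advisory, not Fiber's own session middleware), the server binds an HMAC tag to every session ID it issues, so a value chosen by the client fails validation and is replaced with a fresh server-generated ID. The secret key and the "id.tag" cookie layout are assumptions of this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Constructed example key; a real deployment loads it from configuration, not source.
var serverKey = []byte("constructed-example-key-do-not-reuse")

// tag computes the HMAC-SHA256 of the random part of the ID under the server key.
func tag(id string) string {
	m := hmac.New(sha256.New, serverKey)
	m.Write([]byte(id))
	return hex.EncodeToString(m.Sum(nil))
}

// NewSessionID issues a 128-bit random ID and appends its tag: "<hex id>.<hex tag>".
func NewSessionID() (string, error) {
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	id := hex.EncodeToString(raw)
	return id + "." + tag(id), nil
}

// ValidSessionID reports whether the presented value was issued by this server.
func ValidSessionID(s string) bool {
	parts := strings.SplitN(s, ".", 2)
	if len(parts) != 2 || len(parts[0]) != 32 {
		return false
	}
	if _, err := hex.DecodeString(parts[0]); err != nil {
		return false
	}
	// Constant-time comparison of the presented tag against the recomputed one.
	return hmac.Equal([]byte(parts[1]), []byte(tag(parts[0])))
}

// ResolveSessionID is what a handler calls with the cookie value: a value that fails
// validation is never used as a session key; a fresh server-issued ID replaces it.
func ResolveSessionID(presented string) (id string, replaced bool, err error) {
	if ValidSessionID(presented) {
		return presented, false, nil
	}
	id, err = NewSessionID()
	return id, true, err
}

func main() {
	id, replaced, _ := ResolveSessionID("client-chosen-value")
	fmt.Println(replaced, ValidSessionID(id)) // true true
}
```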
Referenced Sites
[1] CVE-2024-38513 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-38513
[2] Session Middleware Token Injection Vulnerability
https://github.com/gofiber/fiber/security/advisories/GHSA-98j2-3j3p-fw2v