Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:golang/github.com/gofiber/fiber/v2/middleware/session@2.52.5
Typegolang
Namespacegithub.com/gofiber/fiber/v2/middleware
Namesession
Version2.52.5
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-63dk-9unq-rqhy
vulnerability_id VCID-63dk-9unq-rqhy
summary Fiber is an Express-inspired web framework written in Go A vulnerability present in versions prior to 2.52.5 is a session middleware issue in GoFiber versions 2 and above. This vulnerability allows users to supply their own session_id value, resulting in the creation of a session with that key. If a website relies on the mere presence of a session for security purposes, this can lead to significant security risks, including unauthorized access and session fixation attacks. All users utilizing GoFiber's session middleware in the affected versions are impacted. The issue has been addressed in version 2.52.5. Users are strongly encouraged to upgrade to version 2.52.5 or higher to mitigate this vulnerability. Users who are unable to upgrade immediately can apply the following workarounds to reduce the risk: Either implement additional validation to ensure session IDs are not supplied by the user and are securely generated by the server, or regularly rotate session IDs and enforce strict session expiration policies.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-38513
reference_id
reference_type
scores
0
value 0.00334
scoring_system epss
scoring_elements 0.56733
published_at 2026-06-12T12:55:00Z
1
value 0.00334
scoring_system epss
scoring_elements 0.56737
published_at 2026-06-14T12:55:00Z
2
value 0.00334
scoring_system epss
scoring_elements 0.56612
published_at 2026-06-11T12:55:00Z
3
value 0.00334
scoring_system epss
scoring_elements 0.56748
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-38513
1
reference_url https://github.com/gofiber/fiber
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/gofiber/fiber
2
reference_url https://github.com/gofiber/fiber/commit/7926e5bf4da03e54f62d27d53229d35b264cba8e
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/gofiber/fiber/commit/7926e5bf4da03e54f62d27d53229d35b264cba8e
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-38513
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-38513
4
reference_url https://github.com/gofiber/fiber/commit/66a881441b27322a331f1b526cf1eb6b3358a4d8
reference_id 66a881441b27322a331f1b526cf1eb6b3358a4d8
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-02T20:26:43Z/
url https://github.com/gofiber/fiber/commit/66a881441b27322a331f1b526cf1eb6b3358a4d8
5
reference_url https://github.com/gofiber/fiber/security/advisories/GHSA-98j2-3j3p-fw2v
reference_id GHSA-98j2-3j3p-fw2v
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-02T20:26:43Z/
url https://github.com/gofiber/fiber/security/advisories/GHSA-98j2-3j3p-fw2v
fixed_packages
0
url pkg:golang/github.com/gofiber/fiber/v2/middleware/session@2.52.5
purl pkg:golang/github.com/gofiber/fiber/v2/middleware/session@2.52.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/gofiber/fiber/v2/middleware/session@2.52.5
aliases CVE-2024-38513, GHSA-98j2-3j3p-fw2v
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-63dk-9unq-rqhy
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:golang/github.com/gofiber/fiber/v2/middleware/session@2.52.5