PT-2023-27522 · Owasp · Owasp Coraza Waf

Rmb122 · Published 2023-06-26 · Updated 2023-09-01 · CVE-2023-40586

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: OWASP Coraza WAF versions prior to 3.0.1

Description: The issue is caused by the misuse of log.Fatalf in the OWASP Coraza WAF library. When a malicious request triggers an error in mime.ParseMediaType, the library handles that error with log.Fatalf, which calls os.Exit, so the whole application terminates immediately after receiving the crafted request.

Recommendations: For versions prior to 3.0.1, update to version 3.0.1 to resolve the issue. As a temporary workaround, change the error handling around the mime.ParseMediaType call to return the error to the caller instead of invoking log.Fatalf, which calls os.Exit and crashes the application.
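The following is an added example, not code from the Coraza project: it shows the crash-prone pattern in a comment and, beside it, a handler that returns the mime.ParseMediaType error and answers with 400 instead of terminating the process. It assumes the parsed value is the request's Content-Type header; the function names are made up for the example.

```go
package main

import (
	"fmt"
	"log"
	"mime"
	"net/http"
	"net/http/httptest"
)

// Vulnerable pattern (do not use): a parse failure ends the whole process,
// because log.Fatalf calls os.Exit(1) right after logging.
//
//	mt, params, err := mime.ParseMediaType(ct)
//	if err != nil {
//	    log.Fatalf("failed to parse media type: %v", err) // kills the WAF
//	}

// parseContentType is the hardened form: the error is returned to the caller,
// so one bad request can be rejected without affecting other requests.
func parseContentType(ct string) (string, map[string]string, error) {
	mt, params, err := mime.ParseMediaType(ct)
	if err != nil {
		return "", nil, fmt.Errorf("invalid Content-Type %q: %w", ct, err)
	}
	return mt, params, nil
}

// inspectHandler rejects a request whose Content-Type cannot be parsed.
func inspectHandler(w http.ResponseWriter, r *http.Request) {
	mt, _, err := parseContentType(r.Header.Get("Content-Type"))
	if err != nil {
		log.Printf("rejecting request: %v", err) // log it, keep serving
		http.Error(w, "bad request", http.StatusBadRequest)
		return
	}
	fmt.Fprintf(w, "accepted media type %s\n", mt)
}

// statusFor sends one constructed request through the handler and
// returns the HTTP status code it produced.
func statusFor(contentType string) int {
	req := httptest.NewRequest(http.MethodPost, "/", nil)
	req.Header.Set("Content-Type", contentType)
	rec := httptest.NewRecorder()
	inspectHandler(rec, req)
	return rec.Code
}

func main() {
	// "boundary" without "=" is a malformed parameter and makes ParseMediaType fail.
	for _, ct := range []string{"application/json", "multipart/form-data; boundary"} {
		fmt.Printf("%q -> %d\n", ct, statusFor(ct))
	}
}
```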

Exploit

Fix

Resource Exhaustion


Weakness Enumeration

Related identifiers

CVE-2023-40586
GHSA-C2PJ-V37R-2P6H
GO-2023-1874

Affected products

Owasp Coraza Waf