PT-2023-27914 · Gofiber
Author: Schicho · Published 2023-09-08 · Updated 2023-09-12
CVE-2023-41338
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: gofiber versions prior to 2.49.2

Description: The issue impacts users who rely on the ctx.IsFromLocal method to restrict access to localhost requests. If exploited, it could allow unauthorized access to resources intended only for localhost. Setting X-Forwarded-For: 127.0.0.1 in a request from a foreign host will result in true for ctx.IsFromLocal. Access is limited to the scope of the affected process.

Recommendations: To resolve the issue, upgrade to version 2.49.2 or later, as this issue has been patched in version 2.49.2 with commit b8c9ede6. As a temporary workaround, consider restricting the use of the ctx.IsFromLocal method until a patch is available. Avoid using the X-Forwarded-For header in requests to minimize the risk of exploitation.
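
The following is an added illustration, not code from the gofiber project: it reproduces the header-trusting pattern described above in plain net/http beside a check that uses only the transport-level peer address, which a remote client cannot forge. httptest's default RemoteAddr of 192.0.2.1:1234 stands in for the foreign host; the function names are the example's own.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

// isLoopback reports whether hostport (an IP, or host:port) is a loopback address.
func isLoopback(hostport string) bool {
	host, _, err := net.SplitHostPort(hostport)
	if err != nil {
		host = hostport // no port present, treat the whole string as the host
	}
	ip := net.ParseIP(host)
	return ip != nil && ip.IsLoopback()
}

// IsFromLocalTrustingHeader mirrors the flawed pattern: a client-supplied
// X-Forwarded-For value is honoured before the real peer address, so any
// remote client can claim to be 127.0.0.1.
func IsFromLocalTrustingHeader(r *http.Request) bool {
	if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
		first := strings.TrimSpace(strings.Split(xff, ",")[0])
		return isLoopback(first)
	}
	return isLoopback(r.RemoteAddr)
}

// IsFromLocalPeerOnly decides from the socket peer address alone and
// ignores request headers entirely.
func IsFromLocalPeerOnly(r *http.Request) bool {
	return isLoopback(r.RemoteAddr)
}

// spoofedRequest builds a constructed request from a non-local peer
// (httptest sets RemoteAddr to 192.0.2.1:1234) that claims to be local.
func spoofedRequest() *http.Request {
	r := httptest.NewRequest(http.MethodGet, "/admin", nil)
	r.Header.Set("X-Forwarded-For", "127.0.0.1")
	return r
}

func main() {
	r := spoofedRequest()
	fmt.Println("header-trusting check:", IsFromLocalTrustingHeader(r)) // true (spoofed)
	fmt.Println("peer-only check:", IsFromLocalPeerOnly(r))             // false
}
```

The peer-only check is the behaviour to expect from a local-only gate; if a trusted reverse proxy sits in front of the service, honour forwarding headers only when RemoteAddr is that proxy.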

Related Identifiers

CVE-2023-41338
GHSA-3Q5P-3558-364F
GO-2023-2052

Affected Products

Gofiber