github.com/corazawaf/coraza/v2
Go2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/corazawaf/coraza/v2page 1 of 1
- CVE-2023-40586HIGHCVSS 7.5EG 7.52023-08-25
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Due to the misuse of `log.Fatalf`, the application using coraza crashed after receiving crafted requests from attackers. The application will immediately…
- CVE-2025-29914MEDIUMCVSS 5.4EG 5.42025-03-20
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Prior to 3.3.3, if a request is made on an URI starting with //, coraza will set a wrong value in REQUEST_FILENAME. For example, if the URI //bar/uploads…
Check whether github.com/corazawaf/coraza/v2 is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/corazawaf/coraza/v2 CVEs against the assets you own.
Start Free Scan →