All Fiber CVEs — Complete Vulnerability History
Fiber is an Express-inspired Go HTTP framework. The main CVE is CVE-2024-22189, an HTTP/2 CONTINUATION frames flood causing DoS.
Go
1 CVE total
Full CVE history
| CVE | Year | Severity | Description | Fix |
|---|---|---|---|---|
| CVE-2024-22189 | 2024 | HIGH | DoS via HTTP/2 CONTINUATION frames flood | Fixed v2.52.2 |
Current safe version: v2.52.2
```
// Before (go.mod)
require github.com/gofiber/fiber/v2 v2.40.0

// After (go.mod)
require github.com/gofiber/fiber/v2 v2.52.2
```
Then run: `go mod tidy`
Common questions
What is the HTTP/2 CONTINUATION flood?
An attacker sends a series of HTTP/2 HEADERS frames followed by CONTINUATION frames without the END_HEADERS flag set. The server buffers all frames waiting for the end, consuming memory. Unlike the Rapid Reset attack, this doesn't require cancelling streams.
Is Fiber suitable for production use?
Fiber is popular for high-performance Go APIs. It's built on fasthttp rather than net/http, which gives performance benefits but also means it may not be compatible with all net/http middleware.