CVE-2023-26047 (teler-waf)

teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version v0.2.0 is vulnerable to a bypass attack when a specific case-sensitive hex entities payload with special characters such as CR/LF and horizontal tab is used. This vulnerability allows an attacker to execute arbitrary JavaScript code on the victim's browser and compromise the security of the web application. An attacker can exploit this vulnerability to bypass common web attack threat …

application attack attacks browser bypass case characters code compromise cve entities exploit hex http ids javascript middleware payload protect security special tab teler ids the web version victim vulnerability vulnerable waf web web application