OWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME`
URLs starting with // are not parsed properly, and the request REQUEST_FILENAME variable contains a wrong value, leading to potential rules bypass.
Advisories for Golang/Github.com/Jptosso/Coraza-Waf package
2025