Moderate severityNVD Advisory· Published Feb 17, 2024· Updated Aug 1, 2024
CVE-2024-21499
CVE-2024-21499
Description
All versions of the package github.com/greenpau/caddy-security are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due to redirecting to the injected protocol.Exploiting this vulnerability could lead to bypass of security mechanisms or confusion in handling TLS.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/greenpau/caddy-securityGo | <= 1.1.23 | — |
Affected products
1- Range: 0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- github.com/advisories/GHSA-r969-783f-6jqrghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-21499ghsaADVISORY
- github.com/greenpau/caddy-securityghsaPACKAGE
- blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddyghsaWEB
- github.com/greenpau/caddy-security/issues/270ghsaWEB
- security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249863ghsaWEB
- blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/mitre
News mentions
0No linked articles in our index yet.