VYPR

apk package

wolfi/caddy

pkg:apk/wolfi/caddy

Vulnerabilities (84)

  • CVE-2023-45142HigOct 12, 2023
    affected < 2.7.5-r1fixed 2.7.5-r1

    OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests

  • CVE-2023-39325HigOct 11, 2023
    affected < 2.7.5-r0fixed 2.7.5-r0

    A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attack

  • CVE-2022-28923MedFeb 6, 2023
    affected < 0fixed 0

    Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs.

  • CVE-2022-29718MedJun 2, 2022
    affected < 0fixed 0

    Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links.

Page 5 of 5