VYPR

Go modules package

github.com/caddyserver/caddy/v2/modules/caddyhttp

pkg:golang/github.com/caddyserver/caddy/v2/modules/caddyhttp

Vulnerabilities (1)

  • CVE-2026-30852Mar 7, 2026
    affected >= 2.7.5, < 2.11.2fixed 2.11.2

    Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the vars_regexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When vars_regexp matches against a placeholder like {http.request.