VYPR

rpm package

opensuse/caddy&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/caddy&distro=openSUSE%20Tumbleweed

Vulnerabilities (5)

  • CVE-2024-22189HigApr 4, 2024
    affected < 2.8.4-1.1fixed 2.8.4-1.1

    quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of `NEW_CONNECTION_ID` frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame

  • CVE-2023-45142Oct 12, 2023
    affected < 2.7.6-1.1fixed 2.7.6-1.1

    OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests

  • CVE-2022-41721Jan 13, 2023
    affected < 2.6.3-1.1fixed 2.6.3-1.1

    A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which coul

  • CVE-2022-34037Jul 22, 2022
    affected < 2.5.2-2.1fixed 2.5.2-2.1

    An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI. Note: This has been disputed as a bug, not a security vulnerability, in the Caddy web server that emerged

  • CVE-2022-29718Jun 2, 2022
    affected < 2.5.1-2.1fixed 2.5.1-2.1

    Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links.