rpm package
suse/caddy&distro=SUSE Package Hub 15 SP4
pkg:rpm/suse/caddy&distro=SUSE%20Package%20Hub%2015%20SP4
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-34037 | Hig | 7.5 | < 2.5.2-bp154.2.8.1 | 2.5.2-bp154.2.8.1 | Jul 22, 2022 | An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI. Note: This has been disputed as a bug, not a security vulnerability, in the Caddy web server that emerged | |
| CVE-2022-29718 | Med | 6.1 | < 2.5.1-bp154.2.5.1 | 2.5.1-bp154.2.5.1 | Jun 2, 2022 | Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links. |
- affected < 2.5.2-bp154.2.8.1fixed 2.5.2-bp154.2.8.1
An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI. Note: This has been disputed as a bug, not a security vulnerability, in the Caddy web server that emerged
- affected < 2.5.1-bp154.2.5.1fixed 2.5.1-bp154.2.5.1
Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links.