Vulnerability Details CVE-2024-21499
All versions of the package github.com/greenpau/caddy-security are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due to redirecting to the injected protocol.Exploiting this vulnerability could lead to bypass of security mechanisms or confusion in handling TLS.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 2.7%
CVSS Severity
CVSS v3 Score 4.3
References
- https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/
- https://github.com/greenpau/caddy-security/issues/270
- https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249863
- https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/
- https://github.com/greenpau/caddy-security/issues/270
- https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249863
Products affected by CVE-2024-21499
-
cpe:2.3:a:greenpau:caddy-security:*