Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-21497 | 1 Greenpau | 1 Caddy-security | 2026-03-03 | N/A | 5.4 MEDIUM |
| Versions of the package github.com/greenpau/caddy-security are vulnerable to Open Redirect via the redirect_url parameter. An attacker could perform a phishing attack and trick users into visiting a malicious website by crafting a convincing URL with this parameter. To exploit this vulnerability, the user must take an action, such as clicking on a portal button or using the browser’s back button, to trigger the redirection. | |||||
| CVE-2024-21494 | 1 Greenpau | 1 Caddy-security | 2025-04-24 | N/A | 5.4 MEDIUM |
| All versions of the package github.com/greenpau/caddy-security are vulnerable to Authentication Bypass by Spoofing via the X-Forwarded-For header due to improper input sanitization. An attacker can spoof an IP address used in the user identity module (/whoami API endpoint). This could lead to unauthorized access if the system trusts this spoofed IP address. | |||||