cpe:2.3:a:n/a:github.com/greenpau/caddy-security:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78)
Product: Github.Com/Greenpau/Caddy Security (923e2848-8691-56d5-b0fa-5e517a5896dc)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2024-21500 vulnerable 2026-06-08 06:27:35.433993 Details available
MEDIUM (4.8)
All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Restriction of Excessive Authentication Attempts via the two-factor authentication (2FA). Although the application blocks the user after several failed attempts to provide 2FA codes, attackers can bypass this blocking mechanism by automating the application’s full multistep 2FA process.
Published: 2024-02-17T05:00:06.899Z
Updated: 2024-12-05T20:33:44.652Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-21499 vulnerable 2026-06-08 06:27:35.433574 Details available
MEDIUM (4.3)
All versions of the package github.com/greenpau/caddy-security are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due to redirecting to the injected protocol. Exploiting this vulnerability could lead to bypass of security mechanisms or confusion in handling TLS.
Published: 2024-02-17T05:00:06.256Z
Updated: 2024-08-01T22:20:40.619Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-21498 vulnerable 2026-06-08 06:27:35.431590 Details available
MEDIUM (5.3)
All versions of the package github.com/greenpau/caddy-security are vulnerable to Server-side Request Forgery (SSRF) via X-Forwarded-Host header manipulation. An attacker can expose sensitive information, interact with internal services, or exploit other vulnerabilities within the network by exploiting this vulnerability.
Published: 2024-02-17T05:00:05.493Z
Updated: 2024-08-01T22:20:40.839Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-21497 vulnerable 2026-06-08 06:27:35.431157 Details available
MEDIUM (5.4)
Versions of the package github.com/greenpau/caddy-security are vulnerable to Open Redirect via the redirect_url parameter. An attacker could perform a phishing attack and trick users into visiting a malicious website by crafting a convincing URL with this parameter. To exploit this vulnerability, the user must take an action, such as clicking on a portal button or using the browser’s back button, to trigger the redirection.
Published: 2024-02-17T05:00:04.298Z
Updated: 2026-03-03T16:28:25.943Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-21496 vulnerable 2026-06-08 06:27:35.430751 Details available
MEDIUM (6.1)
All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting (XSS) via the Referer header, due to improper input sanitization. Although the Referer header is sanitized by escaping some characters that can allow XSS (e.g., [&], [<], [>], ["], [']), it does not account for the attack based on the JavaScript URL scheme (e.g., javascript:alert(document.domain)// payload). Exploiting this vulnerability may not be trivial, but it could lead to the execution of malicious scripts in the context of the target user’s browser, compromising user sessions.
Published: 2024-02-17T05:00:02.407Z
Updated: 2024-11-06T18:53:52.043Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-21495 vulnerable 2026-06-08 06:27:35.430286 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-21494 vulnerable 2026-06-08 06:27:35.428499 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-21493 vulnerable 2026-06-08 06:27:35.425891 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-21492 vulnerable 2026-06-08 06:27:35.424753 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data