Github.Com/Greenpau/Caddy Security
cpe:2.3:a:n/a:github.com/greenpau/caddy-security:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78) |
|---|---|
| Product | Github.Com/Greenpau/Caddy Security (923e2848-8691-56d5-b0fa-5e517a5896dc) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2024-21500 | vulnerable | 2026-06-08 06:27:35.433993 | Details available. MEDIUM (4.8). All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Restriction of Excessive Authentication Attempts via the two-factor authentication (2FA). Although the application blocks the user after several failed attempts to provide 2FA codes, attackers can bypass this blocking mechanism by automating the application’s full multistep 2FA process. Published: 2024-02-17T05:00:06.899Z; Updated: 2024-12-05T20:33:44.652Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-21499 | vulnerable | 2026-06-08 06:27:35.433574 | Details available. MEDIUM (4.3). All versions of the package github.com/greenpau/caddy-security are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due to redirecting to the injected protocol. Exploiting this vulnerability could lead to bypass of security mechanisms or confusion in handling TLS. Published: 2024-02-17T05:00:06.256Z; Updated: 2024-08-01T22:20:40.619Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-21498 | vulnerable | 2026-06-08 06:27:35.431590 | Details available. MEDIUM (5.3). All versions of the package github.com/greenpau/caddy-security are vulnerable to Server-side Request Forgery (SSRF) via X-Forwarded-Host header manipulation. An attacker can expose sensitive information, interact with internal services, or exploit other vulnerabilities within the network by exploiting this vulnerability. Published: 2024-02-17T05:00:05.493Z; Updated: 2024-08-01T22:20:40.839Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-21497 | vulnerable | 2026-06-08 06:27:35.431157 | Details available. MEDIUM (5.4). Versions of the package github.com/greenpau/caddy-security are vulnerable to Open Redirect via the redirect_url parameter. An attacker could perform a phishing attack and trick users into visiting a malicious website by crafting a convincing URL with this parameter. To exploit this vulnerability, the user must take an action, such as clicking on a portal button or using the browser’s back button, to trigger the redirection. Published: 2024-02-17T05:00:04.298Z; Updated: 2026-03-03T16:28:25.943Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-21496 | vulnerable | 2026-06-08 06:27:35.430751 | Details available. MEDIUM (6.1). All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting (XSS) via the Referer header, due to improper input sanitization. Although the Referer header is sanitized by escaping some characters that can allow XSS (e.g., [&], [<], [>], ["], [']), it does not account for the attack based on the JavaScript URL scheme (e.g., javascript:alert(document.domain)// payload). Exploiting this vulnerability may not be trivial, but it could lead to the execution of malicious scripts in the context of the target user’s browser, compromising user sessions. Published: 2024-02-17T05:00:02.407Z; Updated: 2024-11-06T18:53:52.043Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-21495 | vulnerable | 2026-06-08 06:27:35.430286 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-21494 | vulnerable | 2026-06-08 06:27:35.428499 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-21493 | vulnerable | 2026-06-08 06:27:35.425891 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-21492 | vulnerable | 2026-06-08 06:27:35.424753 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |