11 matches found

OSV
added 2026/04/08 7:53 p.m. | 1 view

GHSA-HWR4-MQ23-WCV5 mercure has Topic Selector Cache Key Collision

Impact: A cache key collision vulnerability in TopicSelectorStore allows an attacker to poison the match result cache, potentially causing private updates to be delivered to unauthorized subscribers or blocking delivery to authorized ones. The cache key was constructed by concatenating the topic...

CVSS 7.1 | AI score 5.8 | EPSS 0.00036
Exploits: 0 | References: 5
Snyk
added 2026/03/06 11:38 p.m. | 2 views

Header Injection

Overview: Affected versions of this package are vulnerable to Header Injection in the parseCaddyfile function. An attacker can inject arbitrary values into trusted identity headers by supplying crafted HTTP headers when authenticated with a valid token, leading to unauthorized privilege escalation...

CVSS 8.8 | AI score 5.9 | EPSS 0.00023
Exploits: 1 | References: 2
Snyk
added 2026/03/06 11:38 p.m. | 2 views

Header Injection

Overview: Affected versions of this package are vulnerable to Header Injection in the parseCaddyfile function. An attacker can inject arbitrary values into trusted identity headers by supplying crafted HTTP headers when authenticated with a valid token, leading to unauthorized privilege escalation...

CVSS 8.8 | AI score 5.9 | EPSS 0.00023
Exploits: 1 | References: 2
Positive Technologies
added 2026/03/06 12:0 a.m. | 3 views

PT-2026-23796

Name of the Vulnerable Software and Affected Versions: Caddy versions 2.10.0 through 2.11.1. Description: Caddy is a server platform that utilizes TLS by default. A flaw exists in the forward auth functionality where the copy headers option fails to remove headers provided by the client. This can le...

CVSS 9.9 | AI score 5.8 | EPSS 0.07313
Exploits: 68 | References: 144
OpenVAS
added 2024/07/23 12:0 a.m. | 24 views

openSUSE Security Advisory (openSUSE-SU-2024:0211-1)

The remote host is missing an update for the...

CVSS 7.5 | AI score 8.1 | EPSS 0.01159
Exploits: 0 | References: 3
Veracode
added 2024/02/19 12:10 p.m. | 14 views

Improper Validation Of Array Index

github.com/greenpau/caddy-security is vulnerable to Improper Validation of Array Index. The vulnerability is due to improper checks when parsing a Caddyfile. Caddy-security fails to validate whether the input values are nil before attempting to access elements, which can lead to a panic index out...

CVSS 5.3 | AI score 6.8 | EPSS 0.00055
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2024/02/17 5:15 a.m. | 0 views

CVE-2024-21493

All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Validation of Array Index when parsing a Caddyfile. Multiple parsing functions in the affected library do not validate whether their input values are nil before attempting to access elements, which can lead ...

CVSS 5.3 | AI score 5.8 | EPSS 0.00055
Exploits: 0 | References: 3
Prion
added 2024/02/17 5:15 a.m. | 12 views

Input validation

All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Validation of Array Index when parsing a Caddyfile. Multiple parsing functions in the affected library do not validate whether their input values are nil before attempting to access elements, which can lead ...

CVSS 5 | AI score 7.1 | EPSS 0.00055
Exploits: 0 | References: 3
Cvelist
added 2024/02/17 5:0 a.m. | 14 views

CVE-2024-21493

All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Validation of Array Index when parsing a Caddyfile. Multiple parsing functions in the affected library do not validate whether their input values are nil before attempting to access elements, which can lead ...

CVSS 5.3 | AI score 5.6 | EPSS 0.00055
Exploits: 0 | References: 3
Vulnrichment
added 2024/02/17 5:0 a.m. | 13 views

CVE-2024-21493

All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Validation of Array Index when parsing a Caddyfile. Multiple parsing functions in the affected library do not validate whether their input values are nil before attempting to access elements, which can lead ...

CVSS 5.3 | AI score 6.8 | EPSS 0.00055
Exploits: 0 | References: 3
Snyk
added 2023/09/18 1:49 p.m. | 1 view

Improper Validation of Array Index

Overview: github.com/greenpau/caddy-security is a Security App and Plugin for Caddy v2. Affected versions of this package are vulnerable to Improper Validation of Array Index when parsing a Caddyfile. Multiple parsing functions in the affected library do not validate whether their input values are...

CVSS 5.3 | AI score 6.1 | EPSS 0.00055
Exploits: 0 | References: 2