2 matches found
CVE-2024-21499
All versions of the package github.com/greenpau/caddy-security are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due to redirecting to the injected protocol.Exploiting this vulnerability could lead to bypass of security mechanisms or confusion in handling TLS...
CVE-2024-21499
The CVE-2024-21499 entry concerns the Go package github.com/greenpau/caddy-security. Affected component is the HTTP handling logic related to the X-Forwarded-Proto header, which enables HTTP header injection by redirecting to the injected protocol. Documented impact states that exploitation could...