GHSA-GX7W-56W6-G48X Caddy: Remote Admin Authorization Bypass on PKI Endpoints via Prefix-Based Path Matching
AI Disclosure: I used an LLM to help review the source code, reason about attack surface, and help draft and refine this report. I manually validated the finding by reproducing it locally, confirming the vulnerable code path, and verifying the HTTP behavior with curl -v. Summary: Caddy's remote adm...
@fastify/middie security vulnerabilities
@fastify/middie is an open-source middleware engine developed by Fastify. Versions of @fastify/middie prior to 9.1.0 contained security vulnerabilities. These vulnerabilities were due to improper path prefix matching, which could allow the middleware to bypass security checks...