Lucene search
K

6 matches found

OSV
OSV
added 2026/03/07 5:15 p.m.6 views

UBUNTU-CVE-2026-30852

Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the varsregexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When varsregexp matches against a placeholder like http.request.header.X-Input, the...

7.5CVSS5.7AI score0.00401EPSS
Exploits1References5
CVE
CVE
added 2026/03/07 4:28 p.m.23 views

CVE-2026-30852

Caddy 2.x versions are affected: from 2.7.5 up to 2.11.2 (inclusive of 2.7.5 through 2.11.1) have a vulnerability in vars_regexp where user-controlled input is double-expanded by the replacer. If a header like X-Input contains a placeholder such as {http.request.header.X-Input}, the header value ...

7.5CVSS5.7AI score0.00401EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/03/07 4:28 p.m.3 views

CVE-2026-30852 Caddy: vars_regexp double-expands user input, leaking env vars and files

Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the varsregexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When varsregexp matches against a placeholder like http.request.header.X-Input, the...

6.9CVSS5.7AI score0.00401EPSS
Exploits1References5
Debian CVE
Debian CVE
added 2026/03/07 4:28 p.m.5 views

CVE-2026-30852

Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the varsregexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When varsregexp matches against a placeholder like http.request.header.X-Input, the...

7.5CVSS7.7AI score0.00401EPSS
Exploits1
CNNVD
CNNVD
added 2026/03/07 12:0 a.m.8 views

Caddy 信息泄露漏洞

Caddy is an open-source, cross-platform HTTP/Web server developed by the Caddy company. Versions of Caddy from 2.7.5 to 2.11.2 had a vulnerability related to information leakage. This vulnerability stemmed from the varsregexp matcher’s double expansion of user inputs, which could lead to the...

7.5CVSS7.3AI score0.00401EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/06 11:40 p.m.8 views

Caddy's vars_regexp double-expands user input, leaking env vars and files

Summary The varsregexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When varsregexp matches against a placeholder like http.request.header.X-Input, the header value gets resolved once expected, then passed through repl.ReplaceAll again the bug. This mean...

7.5CVSS5.8AI score0.00401EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder