github.com/greenpau/caddy-security (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/greenpau/caddy-security, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (10)
CVE-2024-21495 — CVSS 6.5 (medium): Versions of the package github.com/greenpau/caddy-security before 1.0.42 are vulnerable to Insecure Randomness due to using an insecure…
CVE-2023-52430 — CVSS 6.1 (medium): The caddy-security plugin 1.1.20 for Caddy allows reflected XSS via a GET request to a URL that contains an XSS payload and begins with…
CVE-2024-21496 — CVSS 6.1 (medium): All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting (XSS) via the Referer header, due to…
CVE-2024-21497 — CVSS 5.4 (medium): Versions of the package github.com/greenpau/caddy-security are vulnerable to Open Redirect via the redirect_url parameter. An attacker…
CVE-2024-21494 — CVSS 5.4 (medium): All versions of the package github.com/greenpau/caddy-security are vulnerable to Authentication Bypass by Spoofing via the X-Forwarded-For…
CVE-2024-21493 — CVSS 5.3 (medium): All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Validation of Array Index when parsing a…
CVE-2024-21498 — CVSS 5.3 (medium): All versions of the package github.com/greenpau/caddy-security are vulnerable to Server-side Request Forgery (SSRF) via X-Forwarded-Host…
CVE-2024-21500 — CVSS 4.8 (medium): All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Restriction of Excessive Authentication Attempts…
CVE-2024-21492 — CVSS 4.8 (medium): All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user…
CVE-2024-21499 — CVSS 4.3 (medium): All versions of the package github.com/greenpau/caddy-security are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due…