Note: This list may be incomplete. Data is provided without warranty in its original format.
5.3
CVE-2024-21498
- EPSS 0.09%
- Published 17.02.2024 05:15:10
- Last modified 21.11.2024 08:54:33
All versions of the package github.com/greenpau/caddy-security are vulnerable to Server-side Request Forgery (SSRF) via X-Forwarded-Host header manipulation. An attacker can expose sensitive information, interact with internal services, or exploit ot...
6.5
CVE-2024-21500
- EPSS 0.05%
- Published 17.02.2024 05:15:10
- Last modified 03.04.2025 16:12:19
All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Restriction of Excessive Authentication Attempts via the two-factor authentication (2FA). Although the application blocks the user after several failed attempts...
6.1
CVE-2023-52430
- EPSS 1.18%
- Published 12.02.2024 23:15:08
- Last modified 06.05.2025 19:15:59
The caddy-security plugin 1.1.20 for Caddy allows reflected XSS via a GET request to a URL that contains an XSS payload and begins with either a /admin or /settings/mfa/delete/ substring.