CVE-2023-50463
N/A
N/A
Summary
The caddy-geo-ip (aka GeoIP) middleware through 0.6.0 for Caddy 2, when trust_header X-Forwarded-For is used, allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism (trusted_proxy directive in reverse_proxy or IP address range restrictions).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/shift72/caddy-geo-ip/issues/4
- https://github.com/shift72/caddy-geo-ip/tags
- https://caddyserver.com/v2
References
- https://github.com/shift72/caddy-geo-ip/issues/4
- https://github.com/shift72/caddy-geo-ip/tags
- https://caddyserver.com/v2
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.