CVE-2024-21499

Summary

All versions of the package github.com/greenpau/caddy-security are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due to redirecting to the injected protocol.Exploiting this vulnerability could lead to bypass of security mechanisms or confusion in handling TLS.

Affected Software

VendorProductVersion RangeStatus
n/agithub.com/greenpau/caddy-security0 < *affected

Weaknesses

  • CWE-644: HTTP Header Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References