Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
The caddy-geo-ip (aka GeoIP) middleware through 0.6.0 for Caddy 2, when trust_header X-Forwarded-For is used, allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism (trusted_proxy directive in reverse_proxy or IP address range restrictions).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Caddy Security Vulnerability
Vulnerability Description
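Caddy is an open-source, cross-platform HTTP/web server from the company Caddy. Caddy-geo-ip (GeoIP) version 0.6.0 contains a security vulnerability: when trust_header X-Forwarded-For is used, an attacker can spoof their source IP address via the X-Forwarded-For header, which may bypass a protection mechanism.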
CVSS Information
N/A
Vulnerability Type
N/A