Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
All versions of the package github.com/greenpau/caddy-security are vulnerable to Authentication Bypass by Spoofing via the X-Forwarded-For header due to improper input sanitization. An attacker can spoof an IP address used in the user identity module (/whoami API endpoint). This could lead to unauthorized access if the system trusts this spoofed IP address.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
使用欺骗进行的认证绕过
Vulnerability Title
Caddy 安全漏洞
Vulnerability Description
Caddy是Caddy公司的一款开源、跨平台的HTTP/Web服务器。 Caddy存在安全漏洞,该漏洞源于输入清理不当,容易通过X-Forwarded-For标头进行欺骗而绕过身份验证。
CVSS Information
N/A
Vulnerability Type
N/A