Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Caddy: vars_regexp double-expands user input, leaking env vars and files
Vulnerability Description
Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the vars_regexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When vars_regexp matches against a placeholder like {http.request.header.X-Input}, the header value gets resolved once (expected), then passed through repl.ReplaceAll() again (the bug). This means an attacker can put {env.DATABASE_URL} or {file./etc/passwd} in a request header and the server will evaluate it, leaking environment variables, file contents, and system info. This issue has been patched in version 2.11.2.
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
Caddy 信息泄露漏洞
Vulnerability Description
Caddy是Caddy公司的一款开源、跨平台的HTTP/Web服务器。 Caddy 2.7.5版本至2.11.2之前版本存在信息泄露漏洞,该漏洞源于vars_regexp匹配器对用户输入进行双重扩展,可能导致环境变量和文件内容泄露。
CVSS Information
N/A
Vulnerability Type
N/A