All versions of the package github.com/greenpau/caddy-security are vulnerable to Authentication Bypass by Spoofing via the X-Forwarded-For header due to improper input sanitization. An attacker can spoof an IP address used in the user identity module (/whoami API endpoint). This could lead to unauthorized access if the system trusts this spoofed IP address.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2024-02-17T05:00:07.518Z
Updated: 2024-08-01T22:20:40.577Z
Reserved: 2023-12-22T12:33:20.118Z
Link: CVE-2024-21494
Vulnrichment
Updated: 2024-08-01T22:20:40.577Z
NVD
Status : Awaiting Analysis
Published: 2024-02-17T05:15:09.077
Modified: 2024-11-21T08:54:32.973
Link: CVE-2024-21494
Redhat
No data.