GHSA-r969-783f-6jqr

Published: 17 Feb 2024
Source: github
Github: Reviewed
CVSS3: 4.3

Description

Improper Neutralization of HTTP Headers in github.com/greenpau/caddy-security

All versions of the package github.com/greenpau/caddy-security are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due to redirecting to the injected protocol. Exploiting this vulnerability could lead to bypass of security mechanisms or confusion in handling TLS.

Packages

Name: github.com/greenpau/caddy-security (go)
Affected versions: <= 1.1.23
Fixed version: None

EPSS

Percentile: 7%
0.00026
Low

4.3 Medium

CVSS3

Weaknesses

CWE-644

Related vulnerabilities

CVSS3: 4.3
nvd
almost 2 years ago

All versions of the package github.com/greenpau/caddy-security are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due to redirecting to the injected protocol. Exploiting this vulnerability could lead to bypass of security mechanisms or confusion in handling TLS.
