HTTP Header Injection via X-Forwarded-Proto in github.com/greenpau/caddy-security

CVE-2024-21499 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

All versions of the package github.com/greenpau/caddy-security are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header, because the package redirects to the protocol injected through that header. Exploiting this vulnerability could lead to bypass of security mechanisms or confusion in handling TLS.
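For defenders reviewing similar redirect code, the following is an added example and not code from caddy-security: it derives the redirect scheme from an allow-list instead of echoing X-Forwarded-Proto. The trusted proxy range, the host `app.example` and the function names are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

// Assumption: only this range holds reverse proxies allowed to set forwarding headers.
var trustedProxies = mustCIDR("10.0.0.0/8")

func mustCIDR(s string) *net.IPNet {
	_, n, err := net.ParseCIDR(s)
	if err != nil {
		panic(err)
	}
	return n
}

// redirectScheme returns only "http" or "https", never the raw header value.
func redirectScheme(r *http.Request) string {
	scheme := "http" // default: scheme of the connection itself
	if r.TLS != nil {
		scheme = "https"
	}
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if ip := net.ParseIP(host); err != nil || ip == nil || !trustedProxies.Contains(ip) {
		return scheme // direct client: ignore X-Forwarded-Proto entirely
	}
	proto := strings.ToLower(strings.TrimSpace(r.Header.Get("X-Forwarded-Proto")))
	if proto == "http" || proto == "https" {
		return proto
	}
	return scheme // unexpected value from the proxy: fall back, do not reflect it
}

// redirectURL builds the Location value for a same-host redirect to path.
func redirectURL(r *http.Request, path string) string {
	return redirectScheme(r) + "://" + r.Host + path
}

// sample builds a constructed request (hypothetical host and addresses).
func sample(remoteAddr, proto string) *http.Request {
	r := &http.Request{Host: "app.example", RemoteAddr: remoteAddr, Header: http.Header{}}
	r.Header.Set("X-Forwarded-Proto", proto)
	return r
}

func main() {
	fmt.Println(redirectURL(sample("10.1.2.3:4000", "ftp"), "/login"))
}
```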
