github.com/caddyserver/caddy
Go
4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/caddyserver/caddy
- CVE-2018-19148 | LOW | CVSS 3.7 | EG 3.7 | ✓ Fixed in 0.11.1 | 2018-11-10
Caddy through 0.11.0 sends incorrect certificates for certain invalid requests, making it easier for attackers to enumerate hostnames. Specifically, when unable to match a Host header with a vhost in its configuration, it serves the X.509 …
- CVE-2018-21246 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 0.10.13 | 2020-06-15
Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode.
- CVE-2022-29718 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 2.5.0 | 2022-06-02
Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking victims into clicking crafted links.
- CVE-2022-34037 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 2.5.2 | 2022-07-22
An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI. Note: This has been disputed as a bug, not a security vulnerabili…