GHSA-2927-hv3p-f3vp

Source

https://github.com/advisories/GHSA-2927-hv3p-f3vp

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-2927-hv3p-f3vp/GHSA-2927-hv3p-f3vp.json

Aliases

CVE-2022-29718

Published

2022-06-03T00:00:29Z

Modified

2023-11-08T04:09:14.441562Z

Details

Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-29718
https://github.com/caddyserver/caddy/pull/4499
https://github.com/caddyserver/caddy/pull/4499/commits/b23bdcf99cfbd09d50555a999a16468404789230
https://github.com/caddyserver/caddy
https://github.com/caddyserver/caddy/releases/tag/v2.5.0
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP2VIUT5IKA3OKM6YWA5LTLJ2GTEIH7C

Affected packages

Go / github.com/caddyserver/caddy

Package

Name: github.com/caddyserver/caddy

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.5.0

Go / github.com/caddyserver/caddy/v2

Package

Name: github.com/caddyserver/caddy/v2

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.5.0