All versions of the package github.com/greenpau/caddy-security are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due to redirecting to the injected protocol.Exploiting this vulnerability could lead to bypass of security mechanisms or confusion in handling TLS.
{ "nvd_published_at": "2024-02-17T05:15:10Z", "cwe_ids": [ "CWE-644" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-02-20T23:48:04Z" }