CVE-2024-21499: Improper Neutralization of HTTP Headers for Scripting Syntax
(updated )
All versions of the package github.com/greenpau/caddy-security is vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due to redirecting to the injected protocol.Exploiting this vulnerability could lead to bypass of security mechanisms or confusion in handling TLS.
References
Detect and mitigate CVE-2024-21499 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →