logo

Database

Uncontrolled external site redirect In github.com/caddyserver/caddy

Description

Open redirect in caddy Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2022-297182. NVD-2022-297183. OSV-2022-297184. GCVE-2022-29718

References

1. https://github.com/caddyserver/caddy/pull/44992. https://github.com/caddyserver/caddy/pull/4499/commits/b23bdcf99cfbd09d50555a999a164684047892303. https://github.com/caddyserver/caddy/releases/tag/v2.5.04. https://lists.fedoraproject.org/archives/list/[email protected]/message/CP2VIUT5IKA3OKM6YWA5LTLJ2GTEIH7C

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.