logo

Database

Lack of data validation In github.com/greenpau/caddy-security

Description

Improper Validation of Array Index in github.com/greenpau/caddy-security All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Validation of Array Index when parsing a Caddyfile. Multiple parsing functions in the affected library do not validate whether their input values are nil before attempting to access elements, which can lead to a panic (index out of range). Panics during the parsing of a configuration file may introduce ambiguity and vulnerabilities, hindering the correct interpretation and configuration of the web server.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2024-214932. NVD-2024-214933. OSV-2024-214934. GCVE-2024-21493

References

1. https://github.com/greenpau/caddy-security/issues/2632. https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.

FLAT-HB5OV – Vulnerability | Fluid Attacks Database