Security
Headlines

Headlines Latest CVEs

Headline

GHSA-rxg9-hgq7-8pwx: Header spoofing in caddy-geo-ip

The caddy-geo-ip (aka GeoIP) middleware through 0.6.0 for Caddy 2, when trust_header X-Forwarded-For is used, allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism (trusted_proxy directive in reverse_proxy or IP address range restrictions).

1 year ago

Header spoofing in caddy-geo-ip

Moderate severity GitHub Reviewed Published Dec 11, 2023 to the GitHub Advisory Database • Updated Dec 11, 2023

Related news

CVE-2023-50463: Security: trust_header overwrites req.RemoteAddr globally · Issue #4 · shift72/caddy-geo-ip

The caddy-geo-ip (aka GeoIP) middleware through 0.6.0 for Caddy 2, when trust_header X-Forwarded-For is used, allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism (trusted_proxy directive in reverse_proxy or IP address range restrictions).

1 year ago

ghsa: Latest News

GHSA-675f-rq2r-jw82: JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh

2 hours ago

GHSA-7w6r-748w-mh52: pgAdmin has Incorrect Default Permissions

9 hours ago

GHSA-q8fg-cp3q-5jwm: Mattermost Incorrect Authorization vulnerability

9 hours ago

GHSA-7rgp-4j56-fm79: Mattermost has Improper Check for Unusual or Exceptional Conditions

9 hours ago

GHSA-2549-xh72-qrpm: Mattermost Improper Validation of Specified Type of Input vulnerability

9 hours ago