Caddysecurity Vulnerable to Improper Validation of Array Index
CVE-2024-21493

5.3MEDIUM

Key Information:

Vendor

github.com/greenpau/caddy-security

Status
Github.com/greenpau/caddy-security
Vendor
CVE Published:
17 February 2024

What is CVE-2024-21493?

All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Validation of Array Index when parsing a Caddyfile. Multiple parsing functions in the affected library do not validate whether their input values are nil before attempting to access elements, which can lead to a panic (index out of range). Panics during the parsing of a configuration file may introduce ambiguity and vulnerabilities, hindering the correct interpretation and configuration of the web server.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

github.com/greenpau/caddy-security 0

References

https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENP...
https://blog.trailofbits.com/2023/09/18/security-flaws-in...
https://github.com/greenpau/caddy-security/issues/263

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Maciej Domanski
Travis Peters
David Pokora
JSON
.