Open Redirect in Caddy
Moderate severity
GitHub Reviewed
Published
Feb 7, 2023
to the GitHub Advisory Database
•
Updated May 20, 2024
Package
Affected versions
< 2.5.0-beta.1
Patched versions
2.5.0-beta.1
Description
Published by the National Vulnerability Database
Feb 6, 2023
Published to the GitHub Advisory Database
Feb 7, 2023
Reviewed
Feb 15, 2023
Last updated
May 20, 2024
Credits
-
J3rry-1729 Analyst
Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs
References