Security Advisories for github.com/caddyserver/caddy/v2 in go
Moderate
14 days ago
Caddy: Remote Admin Authorization Bypass on PKI Endpoints via Prefix-Based Path Matching
go
github.com/caddyserver/caddy/v2
Moderate
14 days ago
Caddy: Remote Admin Authorization Bypass in `/config` API via Array Index Normalization
go
github.com/caddyserver/caddy/v2
High
15 days ago
Caddy: Unsafe Unicode Handling in FastCGI splitPos Allows Execution of Non-PHP Files
go
github.com/caddyserver/caddy/v2
High
3 months ago
Caddy: Unicode case-folding length expansion causes incorrect split_path index in FastCGI transport
go
github.com/caddyserver/caddy/v2
Moderate
3 months ago
Caddy is vulnerable to cross-origin config application via local admin API /load
go
github.com/caddyserver/caddy/v2
High
3 months ago
Caddy: MatchHost becomes case-sensitive for large host lists (>100), enabling host-based route/auth bypass
go
github.com/caddyserver/caddy/v2
High
3 months ago
Caddy: MatchPath %xx (escaped-path) branch skips case normalization, enabling path-based route/auth bypass
go
github.com/caddyserver/caddy/v2
High
3 months ago
Caddy: mTLS client authentication silently fails open when CA certificate file is missing or malformed
go
github.com/caddyserver/caddy/v2
Moderate
3 months ago
Caddy: Improper sanitization of glob characters in file matcher may lead to bypassing security protections
go
github.com/caddyserver/caddy/v2
Moderate
almost 4 years ago
Open redirect in caddy
go
github.com/caddyserver/caddy/v2, github.com/caddyserver/caddy