CVE-2024-21493 MEDIUM

CVE-2024-21493

Vendor N/A
Product github.com/greenpau/caddy-security
Weakness CWE-129
Published February 17, 2024
Last update August 1, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

What the vulnerability does

01Description

All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Validation of Array Index when parsing a Caddyfile. Multiple parsing functions in the affected library do not validate whether their input values are nil before attempting to access elements, which can lead to a panic (index out of range). Panics during the parsing of a configuration file may introduce ambiguity and vulnerabilities, hindering the correct interpretation and configuration of the web server.

Key dates

02Disclosure timeline

February 17, 2024 CVE published
August 1, 2024 Record updated