Vulnerability Report: GO-2023-2394
- CVE-2023-50463, GHSA-rxg9-hgq7-8pwx
- Affects: github.com/shift72/caddy-geo-ip
- Published: Jan 02, 2024
- Modified: May 20, 2024
The caddy-geo-ip (aka GeoIP) middleware for Caddy 2 allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism (trusted_proxy directive in reverse_proxy or IP address range restrictions).
For detailed information about this vulnerability, visit https://nvd.nist.gov/vuln/detail/CVE-2023-50463.
Affected Packages
-
PathGo VersionsSymbols
-
all versions, no known fixedall symbols
Aliases
References
- https://nvd.nist.gov/vuln/detail/CVE-2023-50463
- https://github.com/shift72/caddy-geo-ip/issues/4
- https://vuln.go.dev/ID/GO-2023-2394.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.