Vulnerability Report: GO-2023-2394

CVE-2023-50463, GHSA-rxg9-hgq7-8pwx
Affects: github.com/shift72/caddy-geo-ip
Published: Jan 02, 2024

The caddy-geo-ip (aka GeoIP) middleware for Caddy 2 allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism (trusted_proxy directive in reverse_proxy or IP address range restrictions).

For detailed information about this vulnerability, visit https://nvd.nist.gov/vuln/detail/CVE-2023-50463.

Affected Packages

Path

Versions

Symbols
github.com/shift72/caddy-geo-ip

all versions, no known fixed

all symbols

Aliases

CVE-2023-50463
GHSA-rxg9-hgq7-8pwx

References

https://nvd.nist.gov/vuln/detail/CVE-2023-50463
https://github.com/shift72/caddy-geo-ip/issues/4
https://vuln.go.dev/ID/GO-2023-2394.json

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL