{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21493", "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "state": "PUBLISHED", "assignerShortName": "snyk", "dateReserved": "2023-12-22T12:33:20.118Z", "datePublished": "2024-02-17T05:00:08.927Z", "dateUpdated": "2024-08-01T22:20:40.991Z"}, "containers": {"cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"}}], "credits": [{"value": "Maciej Domanski", "lang": "en"}, {"value": "Travis Peters", "lang": "en"}, {"value": "David Pokora", "lang": "en"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-129", "description": "Improper Validation of Array Index", "lang": "en"}]}], "providerMetadata": {"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk", "dateUpdated": "2024-03-06T14:09:47.512Z"}, "descriptions": [{"value": "All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Validation of Array Index when parsing a Caddyfile. Multiple parsing functions in the affected library do not validate whether their input values are nil before attempting to access elements, which can lead to a panic (index out of range). Panics during the parsing of a configuration file may introduce ambiguity and vulnerabilities, hindering the correct interpretation and configuration of the web server.", "lang": "en"}], "references": [{"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-5961078"}, {"url": "https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/"}, {"url": "https://github.com/greenpau/caddy-security/issues/263"}], "affected": [{"product": "github.com/greenpau/caddy-security", "versions": [{"version": "0", "lessThan": "*", "status": "affected", "versionType": "semver"}], "vendor": "n/a"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-21493", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-20T18:44:32.300528Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:21:47.850Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:20:40.991Z"}, "title": "CVE Program Container", "references": [{"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-5961078", "tags": ["x_transferred"]}, {"url": "https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/", "tags": ["x_transferred"]}, {"url": "https://github.com/greenpau/caddy-security/issues/263", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-5961078", "tags": ["x_transferred"]}, {"url": "https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/", "tags": ["x_transferred"]}, {"url": "https://github.com/greenpau/caddy-security/issues/263", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:20:40.991Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-21493", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-20T18:44:32.300528Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:39.999Z"}}], "cna": {"credits": [{"lang": "en", "value": "Maciej Domanski"}, {"lang": "en", "value": "Travis Peters"}, {"lang": "en", "value": "David Pokora"}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "n/a", "product": "github.com/greenpau/caddy-security", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "semver"}]}], "references": [{"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-5961078"}, {"url": "https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/"}, {"url": "https://github.com/greenpau/caddy-security/issues/263"}], "descriptions": [{"lang": "en", "value": "All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Validation of Array Index when parsing a Caddyfile. Multiple parsing functions in the affected library do not validate whether their input values are nil before attempting to access elements, which can lead to a panic (index out of range). Panics during the parsing of a configuration file may introduce ambiguity and vulnerabilities, hindering the correct interpretation and configuration of the web server."}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-129", "description": "Improper Validation of Array Index"}]}], "providerMetadata": {"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk", "dateUpdated": "2024-03-06T14:09:47.512Z"}}}, "cveMetadata": {"cveId": "CVE-2024-21493", "state": "PUBLISHED", "dateUpdated": "2024-08-01T22:20:40.991Z", "dateReserved": "2023-12-22T12:33:20.118Z", "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "datePublished": "2024-02-17T05:00:08.927Z", "assignerShortName": "snyk"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Validation of Array Index when parsing a Caddyfile. Multiple parsing functions in the affected library do not validate whether their input values are nil before attempting to access elements, which can lead to a panic (index out of range). Panics during the parsing of a configuration file may introduce ambiguity and vulnerabilities, hindering the correct interpretation and configuration of the web server."}, {"lang": "es", "value": "Todas las versiones del paquete github.com/greenpau/caddy-security son vulnerables a una validaci\u00f3n incorrecta del \u00edndice de matriz al analizar un Caddyfile. Varias funciones de an\u00e1lisis en la librer\u00eda afectada no validan si sus valores de entrada son nulos antes de intentar acceder a los elementos, lo que puede provocar p\u00e1nico (\u00edndice fuera de rango). Los p\u00e1nicos durante el an\u00e1lisis de un archivo de configuraci\u00f3n pueden introducir ambig\u00fcedad y vulnerabilidades, dificultando la correcta interpretaci\u00f3n y configuraci\u00f3n del servidor web."}], "id": "CVE-2024-21493", "lastModified": "2024-11-21T08:54:32.820", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "report@snyk.io", "type": "Secondary"}]}, "published": "2024-02-17T05:15:08.747", "references": [{"source": "report@snyk.io", "url": "https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/"}, {"source": "report@snyk.io", "url": "https://github.com/greenpau/caddy-security/issues/263"}, {"source": "report@snyk.io", "url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-5961078"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/greenpau/caddy-security/issues/263"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-5961078"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-129"}], "source": "report@snyk.io", "type": "Secondary"}]}

{}

{}