CVE-2024-21493

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Feb 17, 2024

Updated: Feb 20, 2024

CWE ID 129

Summary

CVE-2024-21493 is a vulnerability affecting all versions of the package github.com/greenpau/caddy-security. This issue arises due to improper validation of array index during the parsing of a Caddyfile. Multiple functions in the affected library fail to check whether input values are nil before accessing their elements, leading to a panic (index out of range). The ensuing panics during configuration file parsing can result in ambiguity and potential security vulnerabilities, compromising the correct interpretation and configuration of the web server.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/ujPUVU
https://www.cve.org/CVERecord?id=CVE-2024-21493
https://nvd.nist.gov/vuln/detail/CVE-2024-21493

Back to Vulnerability Database

CVE-2024-21493

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations