Caddy GeoIP Middleware <0.6.0: X-Forwarded-For Spoofing
CVE-2023-50463 Published on December 10, 2023

The caddy-geo-ip (aka GeoIP) middleware through 0.6.0 for Caddy 2, when trust_header X-Forwarded-For is used, allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism (trusted_proxy directive in reverse_proxy or IP address range restrictions).

NVD

Products Associated with CVE-2023-50463

Want to know whenever a new CVE is published for Caddy Server Caddy Web Server? stack.watch will email you.

Caddy Server Caddy Web Server

Exploit Probability

EPSS

0.09%

Percentile

25.72%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Caddy GeoIP Middleware <0.6.0: X-Forwarded-For SpoofingCVE-2023-50463 Published on December 10, 2023

Products Associated with CVE-2023-50463

Exploit Probability

Caddy GeoIP Middleware <0.6.0: X-Forwarded-For Spoofing
CVE-2023-50463 Published on December 10, 2023