{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T02:52:07.520","vulnerabilities":[{"cve":{"id":"CVE-2024-21497","sourceIdentifier":"report@snyk.io","published":"2024-02-17T05:15:09.863","lastModified":"2026-03-03T17:16:14.540","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Versions of the package github.com/greenpau/caddy-security  are vulnerable to Open Redirect via the redirect_url parameter. An attacker could perform a phishing attack and trick users into visiting a malicious website by crafting a convincing URL with this parameter. To exploit this vulnerability, the user must take an action, such as clicking on a portal button or using the browser’s back button, to trigger the redirection."},{"lang":"es","value":"Todas las versiones del paquete github.com/greenpau/caddy-security son vulnerables a Open Redirect a través del parámetro redirect_url. Un atacante podría realizar un ataque de phishing y engañar a los usuarios para que visiten un sitio web malicioso creando una URL convincente con este parámetro. Para aprovechar esta vulnerabilidad, el usuario debe realizar una acción, como hacer clic en un botón del portal o usar el botón atrás del navegador, para activar la redirección."}],"metrics":{"cvssMetricV31":[{"source":"report@snyk.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"report@snyk.io","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:greenpau:caddy-security:*:*:*:*:*:*:*:*","matchCriteriaId":"DC59AC36-173D-4F24-9F39-50F992A248B8"}]}]}],"references":[{"url":"https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/","source":"report@snyk.io","tags":["Mitigation","Third Party Advisory"]},{"url":"https://github.com/greenpau/caddy-security/issues/268","source":"report@snyk.io","tags":["Issue Tracking"]},{"url":"https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249861","source":"report@snyk.io","tags":["Third Party Advisory"]},{"url":"https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory"]},{"url":"https://github.com/greenpau/caddy-security/issues/268","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249861","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}