Sign in Book a demo Get started free

← All vulnerabilities

HIGHSupply chain

GHSA-QRP7-CVWR-J2C6

go · github.com/caddyserver/caddy/v2

Summary

Caddy: Windows `file_server` path authorization bypass via encoded backslash

References

Related vulnerabilities

All Supply chain →

HIGHGHSA-R4GV-QR8J-P3PG
handlebars.java FileTemplateLoader Path Traversal
HIGHGHSA-R2WG-2MCR-66RV
Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal
MEDIUMGHSA-4R4W-2WGP-W7CJ
Open WebUI Prompt history IDOR: unbound history_id allows cross-prompt read and deletion
MEDIUMGHSA-J2C8-V969-8R5C
Open WebUI: Sibling-Prefix Path Traversal via /cache/{path}
HIGHGHSA-VJQM-6GCC-62CR
Open WebUI: Forged model meta.knowledge allows cross-user file read and deletion
HIGHGHSA-VRHC-3FR6-PC3C
Open WebUI: Forged chat-file link allows cross-user file read and deletion