AIKIDO-2026-10319
github.com/greenpau/caddy-security is vulnerable to Improper Validation of Array Index
53
Medium Risk
This Affects:
github.com/greenpau/caddy-securityTL;DR
Affected versions of this package contain multiple Caddyfile parsing functions that do not validate whether input values are nil before accessing elements, causing an index out of range panic. A crafted Caddyfile targeting the credentials, sso provider, or messaging directive parsers can crash the server during configuration loading. The patch adds length checks on the return value of RemainingArgs() before indexing into the slice.
Who does this affect?
You are affected if you are using a version that falls within the vulnerable range.
Background info
github.com/greenpau/caddy-security is vulnerable to Improper Validation of Array Index in versions 0.0.1 - 1.1.31.
How to fix this
Upgrade the github.com/greenpau/caddy-security library to the patch version.
Links
GitHub Release
Related Issue
Other
blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-5961078
Are You Affected?
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.
SOC 2Compliant
ISO 27001Compliant