Description
The caddy-geo-ip (aka GeoIP) middleware through 0.6.0 for Caddy 2, when trust_header X-Forwarded-For is used, allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism (trusted_proxy directive in reverse_proxy or IP address range restrictions).
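The following Go sketch is an added example, not code from caddy-geo-ip or Caddy. It contrasts a resolver that believes X-Forwarded-For from any sender with one that reads the header only when the TCP peer is a trusted proxy. The function names, the 10.0.0.0/8 trusted range and the sample addresses are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

func isTrusted(ip net.IP, trusted []*net.IPNet) bool {
	for _, n := range trusted {
		if n.Contains(ip) { // Contains returns false for a nil (unparsable) IP
			return true
		}
	}
	return false
}

// naiveClientIP models the flaw class: the first header value is believed from any sender.
func naiveClientIP(r *http.Request) string {
	host, _, _ := net.SplitHostPort(r.RemoteAddr)
	if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
		host = strings.TrimSpace(strings.Split(xff, ",")[0])
	}
	return host
}

// trustedClientIP steps leftward through the header only while the current hop is a trusted proxy.
func trustedClientIP(r *http.Request, trusted []*net.IPNet) string {
	peer, _, _ := net.SplitHostPort(r.RemoteAddr)
	hops := strings.Split(strings.Join(r.Header.Values("X-Forwarded-For"), ","), ",")
	for i := len(hops) - 1; i >= 0 && isTrusted(net.ParseIP(peer), trusted); i-- {
		hop := strings.TrimSpace(hops[i])
		if net.ParseIP(hop) == nil {
			break // empty or malformed entry: keep the last verified address
		}
		peer = hop
	}
	return peer
}

func sampleRequest(remote, xff string) (*http.Request, []*net.IPNet) {
	_, proxyNet, _ := net.ParseCIDR("10.0.0.0/8") // constructed input: assumed trusted proxy range
	return &http.Request{RemoteAddr: remote, Header: http.Header{"X-Forwarded-For": {xff}}}, []*net.IPNet{proxyNet}
}

func main() {
	r, trusted := sampleRequest("203.0.113.7:40000", "192.0.2.10") // direct client, forged header
	fmt.Println("naive:", naiveClientIP(r), "| trusted-proxy aware:", trustedClientIP(r, trusted))
}
```

Any GeoIP or IP-range decision should be made on the address returned by the second resolver, so a header sent by a direct client never influences it.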
Remediation
References