Description
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the path sanitization routine in file matcher doesn't sanitize backslashes which can lead to bypassing path related security protections. It affects users with specific Caddy and environment configurations. Version 2.11.1 fixes the issue.
Remediation
References
Related Vulnerabilities
WordPress Plugin WooCommerce Cross-Site Scripting (3.5.4)
WordPress Plugin Responsive WordPress Slider Cross-Site Scripting (2.2.0)
WordPress Plugin Search Exclude Security Bypass (1.2.2)
WordPress Plugin WP Support Plus Responsive Ticket System Security Bypass (7.1.4)
WordPress Plugin iThemes Security (formerly Better WP Security) Security Bypass (7.9.0)