CVEs affecting projects tracked on Release Alert, from NVD & OSV.
CVE-2017-5963 — MEDIUM severity vulnerability | Release Alert
CVE-2017-5963
4.3
MEDIUMCVSS v2
Published
February 12, 2017
Affected
5 projects
Assigned by
MITRE
Severity scale
010
Description
An issue was discovered in caddy (for TYPO3) before 7.2.10. The vulnerability exists due to insufficient filtration of user-supplied data in the "paymillToken" HTTP POST parameter passed to the "caddy/Resources/Public/JavaScript/e-payment/paymill/api/php/payment.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
ChocolateyCaddy is a powerful, extensible platform to serve your sites, services, and apps, written in Go.
## Features
- **Easy configuration** with the [Caddyfile](https://caddyserver.com/docs/caddyfile)
- **Powerful configuration** with its [native JSON config](https://caddyserver.com/docs/json/)
- **Dynamic configuration** with the [JSON API](https://caddyserver.com/docs/api)
- [**Config adapters**](https://caddyserver.com/docs/config-adapters) if you don't like JSON
- **Automatic HTTPS** by default
- [Let's Encrypt](https://letsencrypt.org) for public sites
- Fully-managed local CA for internal names & IPs
- Can coordinate with other Caddy instances in a cluster
- **Stays up when other servers go down** due to TLS/OCSP/certificate-related issues
- **HTTP/1.1, HTTP/2, and experimental HTTP/3** support
- **Highly extensible** [modular architecture](https://caddyserver.com/docs/architecture) lets Caddy do anything without bloat
- **Runs anywhere** with **no external dependencies** (not even libc)
- Written in Go, a language with higher **memory safety guarantees** than other servers
## Notes
- This packages installs caddy with standard [modules](https://caddyserver.com/docs/modules) only. If you need to install caddy with additional packages you need to build it with those packages included. You can use official caddy [download](https://caddyserver.com/download) page to select and build custom caddy version. Its not possible at this moment to do this via package unless it reimplements custom build.
RubyGems Caddy is an asynchronously refreshed cache that is updated on an interval to store objects that you can access quickly during requests.
Caddy is great for storing information like feature flags -- accessed extremely frequently during many requests, updated relatively rarely and usually safe to be stale by some small duration.