Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode.
{ "github_reviewed": true, "nvd_published_at": null, "severity": "CRITICAL", "cwe_ids": [ "CWE-287" ], "github_reviewed_at": "2022-10-06T22:58:56Z" }