Caddy Web Server Authentication Bypass by Spoofing Vulnerability - CVE-2023-50463
The caddy-geo-ip (aka GeoIP) middleware through 0.6.0 for Caddy 2 when trust_header X-Forwarded-For is used allows attackers to spoof their source IP address via an X-Forwarded-For header which may bypass a protection mechanism (trusted_proxy directive in reverse_proxy or IP address range restrictions).