Caddy · Caddy · CVE-2022-28923
**Name of the Vulnerable Software and Affected Versions**
Caddy version 2.4.6
**Description**
The issue allows attackers to redirect users to phishing websites via crafted URLs due to improper request sanitization. A crafted URL can cause the static file handler to redirect to an attacker-chosen URL, enabling open redirect attacks.
**Recommendations**
For Caddy version 2.4.6, update to a version that fixes the open redirection vulnerability.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.