CVE-2024-44930
29.08.2024, 18:15
Serilog before v2.1.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests.
| Vendor | Product | Version |
|---|---|---|
| serilog-contrib | serilog-enrichers-clientinfo | 𝑥 < 2.1.0 |
𝑥
= Vulnerable software versions