CVE-2024-44930

Serilog before v2.1.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests.
Configurations

Configuration 1 (hide)

cpe:2.3:a:serilog-contrib:serilog-enrichers-clientinfo:*:*:*:*:*:*:*:*

History

04 Sep 2024, 19:35

Type Values Removed Values Added
CWE CWE-79

04 Sep 2024, 12:59

Type Values Removed Values Added
CWE NVD-CWE-noinfo
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
First Time Serilog-contrib
Serilog-contrib serilog-enrichers-clientinfo
CPE cpe:2.3:a:serilog-contrib:serilog-enrichers-clientinfo:*:*:*:*:*:*:*:*
References () https://github.com/serilog-contrib/serilog-enrichers-clientinfo/issues/29 - () https://github.com/serilog-contrib/serilog-enrichers-clientinfo/issues/29 - Issue Tracking
References () https://github.com/serilog-contrib/serilog-enrichers-clientinfo/releases/tag/v2.1.0 - () https://github.com/serilog-contrib/serilog-enrichers-clientinfo/releases/tag/v2.1.0 - Release Notes

30 Aug 2024, 13:00

Type Values Removed Values Added
Summary
  • (es) Se descubrió que Serilog anterior a v2.1.0 contenía una vulnerabilidad de suplantación de IP de cliente, que permite a los atacantes falsificar sus direcciones IP especificando una IP arbitraria como valor de los encabezados X-Forwarded-For o Client-Ip mientras realizan solicitudes HTTP.

29 Aug 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-29 18:15

Updated : 2024-09-04 19:35


NVD link : CVE-2024-44930

Mitre link : CVE-2024-44930

CVE.ORG link : CVE-2024-44930


JSON object : View

Products Affected

serilog-contrib

  • serilog-enrichers-clientinfo
CWE
NVD-CWE-noinfo CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')