Lucene search

GoogleOSV:CVE-2024-44930

HistoryAug 29, 2024 - 6:15 p.m.

CVE-2024-44930

2024-08-2918:15:14

Google

osv.dev

serilog v2.0.0

client ip spoofing

http requests

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

17.7%

JSON

Serilog before v2.1.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests.

References

github.com/serilog-contrib/serilog-enrichers-clientinfo/issues/29

github.com/serilog-contrib/serilog-enrichers-clientinfo/releases/tag/v2.1.0

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

17.7%

JSON

Related for OSV:CVE-2024-44930