Directus vulnerable to SSRF Loopback IP filter bypass

Impact If you're relying on blocking access to localhost using the default 0.0.0.0 filter this can be bypassed using other registered loopback devices like 127.0.0.2 - 127.127.127.127 Workaround You can block this bypass by manually adding the 127.0.0.0/8 CIDR range which will block access to any...

CVE-2024-46990 SSRF Loopback IP filter bypass in directus

Directus is a real-time API and App dashboard for managing SQL database content. When relying on blocking access to localhost using the default 0.0.0.0 filter a user may bypass this block by using other registered loopback devices like 127.0.0.2 - 127.127.127.127. This issue has been addressed in...

CVE-2020-22001

HomeAutomation 3.3.2 suffers from an authentication bypass vulnerability when spoofing client IP address using the X-Forwarded-For header with the local loopback IP address value allowing remote control of the smart home solution...