Unknown · Crystal Shard Http-Protection · CVE-2020-37056
**Name of the Vulnerable Software and Affected Versions**
Crystal Shard http-protection version 0.2.0
**Description**
The software contains an IP spoofing issue that allows attackers to bypass protection middleware. This is achieved by manipulating request headers to hardcode consistent IP values across the `X-Forwarded-For`, `X-Client-IP`, and `X-Real-IP` headers, circumventing security checks and potentially gaining unauthorized access.
**Recommendations**
Update to a newer version that contains a fix for this vulnerability.