Caido · Caido · CVE-2026-24853
**Name of the Vulnerable Software and Affected Versions**
Caido versions prior to 0.55.0
**Description**
Caido is a web security auditing toolkit. Prior to version 0.55.0, the software rejects connections on port 8080 from hosts that are not on its allowlist, responding with a message that the Host/IP is not allowed to connect. This restriction can be bypassed by sending an `X-Forwarded-Host: 127.0.0.1:8080` header, which circumvents the port 8080 allowlist check; the bypass can lead to remote code execution. All endpoints are affected.
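The weakness class behind this advisory is a host allowlist that lets a client-supplied `X-Forwarded-Host` override the real `Host` header. The following is an added, illustrative example and not Caido's code: it shows the weak check beside a hardened one that only honours `X-Forwarded-Host` when the TCP peer is a known reverse proxy, plus a simple detection rule for requests whose forwarded host points at the allowlist while the real `Host` does not. The allowlist, the `ALLOWED_HOSTS` name, the `trusted_proxies` parameter and the sample headers are all constructed for this example.

```python
"""Illustrative host-allowlist check (added example, not Caido's implementation).

Shows why trusting X-Forwarded-Host from an arbitrary client defeats a
Host-based allowlist, and how to scope that trust to a known proxy.
"""
from typing import FrozenSet, Mapping

# Hypothetical allowlist of hosts permitted to reach the listener.
ALLOWED_HOSTS = {"127.0.0.1", "localhost", "::1"}


def _hostname(host_value: str) -> str:
    """Strip an optional :port suffix from a Host-style value.

    Handles bracketed IPv6 literals such as "[::1]:8080".
    """
    host = host_value.strip()
    if host.startswith("["):
        end = host.find("]")
        return host[1:end] if end != -1 else host
    return host.rsplit(":", 1)[0] if ":" in host else host


def _lower_keys(headers: Mapping[str, str]) -> dict:
    """Header names are case-insensitive; normalise for lookup."""
    return {k.lower(): v for k, v in headers.items()}


def weak_is_allowed(headers: Mapping[str, str]) -> bool:
    """Vulnerable pattern: any client can override Host via X-Forwarded-Host."""
    h = _lower_keys(headers)
    effective = h.get("x-forwarded-host") or h.get("host", "")
    return _hostname(effective) in ALLOWED_HOSTS


def hardened_is_allowed(
    headers: Mapping[str, str],
    peer_ip: str,
    trusted_proxies: FrozenSet[str] = frozenset(),
) -> bool:
    """Hardened pattern: X-Forwarded-Host is consulted only when the
    connection comes from a trusted proxy; otherwise Host alone decides."""
    h = _lower_keys(headers)
    if peer_ip in trusted_proxies and "x-forwarded-host" in h:
        effective = h["x-forwarded-host"]
    else:
        effective = h.get("host", "")
    return _hostname(effective) in ALLOWED_HOSTS


def looks_like_forwarded_host_spoof(headers: Mapping[str, str]) -> bool:
    """Detection rule: X-Forwarded-Host names an allowlisted host while the
    real Host header does not. Useful for flagging requests in proxy logs."""
    h = _lower_keys(headers)
    xfh = h.get("x-forwarded-host")
    if not xfh:
        return False
    forwarded_ok = _hostname(xfh) in ALLOWED_HOSTS
    real_ok = _hostname(h.get("host", "")) in ALLOWED_HOSTS
    return forwarded_ok and not real_ok


if __name__ == "__main__":
    # Constructed sample: remote client presenting a spoofed forwarded host.
    spoofed = {"Host": "attacker.invalid:8080", "X-Forwarded-Host": "127.0.0.1:8080"}
    # Constructed sample: genuine local request.
    local = {"Host": "127.0.0.1:8080"}
    print("weak allows spoofed:    ", weak_is_allowed(spoofed))
    print("hardened allows spoofed:", hardened_is_allowed(spoofed, peer_ip="203.0.113.5"))
    print("hardened allows local:  ", hardened_is_allowed(local, peer_ip="127.0.0.1"))
    print("spoof detected:         ", looks_like_forwarded_host_spoof(spoofed))
```

The design point is that `X-Forwarded-*` headers are plain client input unless a trusted hop in front of the listener is known to have set them; a listener that is reached directly should ignore them entirely, and a listener behind a proxy should accept them only from that proxy's address.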
**Recommendations**
Update Caido to version 0.55.0 or later.