
Phannguyenlong

Rank #47908 of 53,633 · Total CVSS 5.3 · Vulnerabilities: 1
PT-2025-5337 · CVSS 5.3 · 2025-01-27 · Imgproxy · Imgproxy · CVE-2025-24354

**Name of the Vulnerable Software and Affected Versions** imgproxy versions prior to 3.27.2

**Description** The issue concerns imgproxy, a server for resizing, processing, and converting images. imgproxy does not block the `0.0.0.0` address as a source address, even when `IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES` is set to `false`. An attacker who can choose the source image URL can therefore make imgproxy connect to services listening on the imgproxy host (a server-side request forgery bypass of the loopback restriction). The root cause is that the loopback check is too narrow: it only recognises addresses in the loopback range (`127.0.0.0/8`, and `::1` for IPv6), while `0.0.0.0` is the "unspecified" address rather than a loopback address. On Linux, a connection to `0.0.0.0` is delivered to the local host, so the two are equivalent from the attacker's point of view but only one of them was blocked.

**Recommendations** For imgproxy versions prior to 3.27.2, update to version 3.27.2 or later to resolve the issue. Until the update is applied, do not rely on `IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES=false` alone to protect local services: restrict which source hosts imgproxy is allowed to fetch from (imgproxy's `IMGPROXY_ALLOWED_SOURCES` option can be used for this), and restrict which services on the imgproxy host are reachable at all, so that a request to `0.0.0.0` has nothing useful to hit.
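The following Go program is an added illustration of the gap described above; it is not imgproxy's own code and reproduces only the shape of the check, not its implementation. `vulnerableBlocksLocal` models a filter built solely on `net.IP.IsLoopback` (which matches `127.0.0.0/8` and `::1`), and `hardenedBlocksLocal` adds `net.IP.IsUnspecified` so that `0.0.0.0`, `::` and the IPv4-mapped `::ffff:0.0.0.0` are rejected as well. The `sourceAllowed` helper, the `allowLoopback` parameter standing in for `IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES`, and the sample address list are all hypothetical constructions for this example.

```go
package main

import (
	"fmt"
	"net"
)

// vulnerableBlocksLocal models the insufficient pre-3.27.2 behaviour described in
// the advisory: only addresses that net.IP.IsLoopback recognises (127.0.0.0/8 and
// ::1) are treated as local. It returns true when the address should be rejected.
func vulnerableBlocksLocal(ip net.IP) bool {
	return ip.IsLoopback()
}

// hardenedBlocksLocal additionally rejects the unspecified address. On Linux a
// TCP connect to 0.0.0.0 (or :: for IPv6) is delivered to the local host, so it
// must be treated exactly like 127.0.0.1. net.IP.IsUnspecified covers 0.0.0.0,
// :: and the IPv4-mapped form ::ffff:0.0.0.0.
func hardenedBlocksLocal(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsUnspecified()
}

// sourceAllowed decides whether fetching from the given address literal is
// permitted under a policy. allowLoopback plays the role of
// IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES; blocksLocal is the check under test.
// This is a hypothetical helper: it accepts IP literals only. A real server must
// run the same check on every address a hostname resolves to, just before the
// connection is made, not on the hostname string in the URL.
func sourceAllowed(addr string, allowLoopback bool, blocksLocal func(net.IP) bool) (bool, error) {
	ip := net.ParseIP(addr)
	if ip == nil {
		return false, fmt.Errorf("not an IP literal: %q", addr)
	}
	if allowLoopback {
		return true, nil
	}
	return !blocksLocal(ip), nil
}

func main() {
	// Constructed sample: addresses an attacker might place in a source URL.
	// 198.51.100.7 is from the TEST-NET-2 documentation range.
	samples := []string{"127.0.0.1", "127.1.2.3", "::1", "0.0.0.0", "::", "::ffff:0.0.0.0", "198.51.100.7"}
	fmt.Printf("%-16s %-12s %s\n", "address", "pre-3.27.2", "hardened")
	for _, s := range samples {
		old, _ := sourceAllowed(s, false, vulnerableBlocksLocal)
		fixed, _ := sourceAllowed(s, false, hardenedBlocksLocal)
		fmt.Printf("%-16s %-12v %v\n", s, old, fixed)
	}
}
```

Running it shows the single row that matters: with loopback sources disallowed, `0.0.0.0` (and `::`, `::ffff:0.0.0.0`) is still allowed by the loopback-only check and rejected by the hardened one, while `127.x` and `::1` are rejected by both and the public address is allowed by both.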