CVE-2024-44930

CVSS v4.0

6.9

Medium

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Serilog versions prior to 2.1.0

Description The issue allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests. This enables attackers to spoof their client IP, potentially leading to security issues. The vulnerability is related to the X-Forwarded-For and Client-Ip headers in HTTP requests.

Recommendations For Serilog versions prior to 2.1.0, update to version 2.1.0 or later to resolve the issue. As a temporary workaround, consider restricting the trust of the X-Forwarded-For header in the Serilog configuration to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-348CWE-79

Related Identifiers

CVE-2024-44930

GHSA-5X5Q-CQF6-GJ8R

Affected Products

Serilog

CVE-2024-44930

Weakness Enumeration

Related Identifiers

Affected Products

References · 12