CVE-2024-44930— serilog-enrichers-clientinfo 安全漏洞

N/A

Serilog before v2.1.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests.

N/A

N/A

serilog-enrichers-clientinfo 安全漏洞

serilog-enrichers-clientinfo是Serilog Contrib社区的一个工具。 serilog-enrichers-clientinfo v2.1.0之前版本存在安全漏洞，该漏洞源于存在客户端IP欺骗问题，允许攻击者在执行HTT 请求时通过将任意IP指定为X-Forwarded-For或Client-Ip标头的值来伪造其IP地址。

N/A

N/A