Use of Less Trusted Source

CVE-2024-44930

Severity Medium
Score 6.5/10

Summary

Serilog prior to 2.1.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests.

  • LOW
  • NETWORK
  • LOW
  • UNCHANGED
  • NONE
  • NONE
  • LOW
  • NONE

CWE-348 - Use of Less Trusted Source

The software has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack.
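The weakness described above, as an added example that is not Serilog's code or its fix: a resolver that takes the client-chosen X-Forwarded-For value beside one that prefers the connection's peer address and reads the header only when the peer is a known proxy. The class and method names, the proxy address 10.0.0.5 and the sample addresses are assumptions constructed for illustration; a Client-Ip header would need the same treatment.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;

public static class ClientIpResolver
{
    // Assumption: the only reverse proxy allowed to set X-Forwarded-For (constructed value).
    static readonly HashSet<IPAddress> TrustedProxies =
        new HashSet<IPAddress> { IPAddress.Parse("10.0.0.5") };

    // Less trusted source (CWE-348): the header value is whatever the client sent.
    public static string Naive(IPAddress peer, string xForwardedFor) =>
        string.IsNullOrWhiteSpace(xForwardedFor)
            ? peer.ToString()
            : xForwardedFor.Split(',')[0].Trim();

    // More trusted source: the TCP peer address. The header is consulted only when
    // the peer is a known proxy, and is read right to left so that entries a client
    // placed in front of the proxy-appended hop are never reached.
    public static string Hardened(IPAddress peer, string xForwardedFor)
    {
        if (!TrustedProxies.Contains(peer) || string.IsNullOrWhiteSpace(xForwardedFor))
            return peer.ToString();

        foreach (var hop in xForwardedFor.Split(',').Select(h => h.Trim()).Reverse())
        {
            if (!IPAddress.TryParse(hop, out var ip))
                return peer.ToString();   // malformed entry: fall back to the peer
            if (!TrustedProxies.Contains(ip))
                return ip.ToString();     // first hop that is not one of our proxies
        }
        return peer.ToString();           // chain contained only trusted proxies
    }

    public static void Main()
    {
        var direct = IPAddress.Parse("203.0.113.7");   // constructed: client connecting directly
        var proxy = IPAddress.Parse("10.0.0.5");       // constructed: request arriving via the proxy
        var spoofed = "198.51.100.99";                 // constructed: header set by the client
        var viaProxy = "198.51.100.99, 203.0.113.7";   // proxy appended the real peer to it

        Console.WriteLine($"direct  naive={Naive(direct, spoofed)} hardened={Hardened(direct, spoofed)}");
        Console.WriteLine($"proxied naive={Naive(proxy, viaProxy)} hardened={Hardened(proxy, viaProxy)}");
    }
}
```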

Advisory Timeline

  • Published