Use of Less Trusted Source
CVE-2024-44930
Summary
Serilog prior to 2.1.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests.
- LOW
- NETWORK
- LOW
- UNCHANGED
- NONE
- NONE
- LOW
- NONE
CWE-348 - Use of Less Trusted Source
The software has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack.
References
Advisory Timeline
- Published