Vulnerabilities > CVE-2024-44930 - Unspecified vulnerability in Serilog-Contrib Serilog-Enrichers-Clientinfo

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

serilog-contrib

NVD

Published: 2024-08-29

Updated: 2024-09-04

Summary

Serilog before v2.1.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests.

Vulnerable Configurations

Part	Description	Count
Application	Serilog-Contrib Serilog Contrib Serilog Enrichers Clientinfo *	1

References

https://github.com/serilog-contrib/serilog-enrichers-clientinfo/issues/29
https://github.com/serilog-contrib/serilog-enrichers-clientinfo/releases/tag/v2.1.0