Emby Server < 4.7.12.0 is vulnerable to a login bypass attack by setting the X-Forwarded-For header to a local IP-address.
{
"source": "CPE_RANGE",
"cpe": "cpe:2.3:a:emby:emby:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "4.7.12.0"
}
]
}