CVE-2023-45132

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-45132
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-45132.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-45132
Aliases
  • GHSA-7qjc-q4j9-pc8x
Published
2023-10-11T20:21:26Z
Modified
2025-11-04T20:14:50.816604Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Summary
IgnoreIP/IgnoreCIDR should not trust X-Forwarded-For
Details

NAXSI is an open-source web application firewall (WAF) module for NGINX. Starting in version 1.3 and prior to version 1.6, a client can bypass the WAF by sending a forged X-Forwarded-For header whose IP address matches an IgnoreIP or IgnoreCIDR rule: the header value is trusted as the client address even though it is fully under the client's control. This legacy code path was kept so that older NGINX versions could also honour IgnoreIP/IgnoreCIDR when several reverse proxies were present. The issue is patched in version 1.6. As a workaround on older versions, do not configure any IgnoreIP or IgnoreCIDR rules.
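The following is an added illustration, not NAXSI's code and not the 1.6 patch: it models the decision "does this request skip inspection?" in two forms. The vulnerable form takes the client address from X-Forwarded-For as the advisory describes, so anyone who can pick the header contents picks the address matched against the ignore list. The hardened form walks the header from the right, stepping past only hops that are known reverse proxies (the same scheme the nginx realip module implements with set_real_ip_from and real_ip_recursive; using it here is an assumption, not a statement about how NAXSI 1.6 fixed the bug). The ignore list, trusted-proxy range and request samples are all constructed for the example.

```python
import ipaddress
from typing import Optional

# Constructed sample configuration (not from any real deployment).
# Equivalent of NAXSI's IgnoreIP/IgnoreCIDR: addresses whose requests skip the WAF.
IGNORE_NETS = [ipaddress.ip_network("10.0.0.0/8"),
               ipaddress.ip_network("203.0.113.7/32")]
# Reverse proxies in front of the WAF that are allowed to append to
# X-Forwarded-For. Anything else that sets the header is untrusted.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.0/24")]


def _parse(ip: str):
    """Return an address object, or None for unparseable input."""
    try:
        return ipaddress.ip_address(ip.strip())
    except ValueError:
        return None


def in_nets(ip: str, nets) -> bool:
    addr = _parse(ip)
    return addr is not None and any(addr in n for n in nets)


def client_ip_vulnerable(remote_addr: str, xff: Optional[str]) -> str:
    """Pre-1.6 behaviour as the advisory describes it: whatever the sender put
    in X-Forwarded-For wins over the address the TCP connection came from."""
    if xff:
        return xff.split(",")[0].strip()
    return remote_addr


def client_ip_hardened(remote_addr: str, xff: Optional[str], trusted) -> str:
    """Trusted-proxy walk (assumed hardening, not NAXSI's own implementation).

    Start from the socket peer, which cannot be forged. Only if that peer is a
    trusted proxy do we believe the rightmost X-Forwarded-For entry, because
    that proxy appended it. Repeat while the hop we land on is itself a trusted
    proxy and stop at the first untrusted address. Attacker-supplied entries
    sit further left in the header and are never reached."""
    hops = [h.strip() for h in xff.split(",")] if xff else []
    candidate = remote_addr
    for hop in reversed(hops):
        if not in_nets(candidate, trusted):
            break
        if _parse(hop) is None:
            # A trusted proxy forwarded garbage: fail closed and use the
            # socket address rather than guess at a client identity.
            return remote_addr
        candidate = hop
    return candidate


def waf_skipped(remote_addr: str, xff: Optional[str], hardened: bool) -> bool:
    """True when the request would bypass inspection under the given policy."""
    ip = (client_ip_hardened(remote_addr, xff, TRUSTED_PROXIES)
          if hardened else client_ip_vulnerable(remote_addr, xff))
    return in_nets(ip, IGNORE_NETS)


if __name__ == "__main__":
    # Constructed requests: 198.51.100.23 is the attacker, 192.0.2.10 a trusted
    # proxy, 10.1.2.3 an address inside the IgnoreCIDR range.
    cases = [
        ("direct, forged XFF",        "198.51.100.23", "10.1.2.3"),
        ("via proxy, forged XFF",     "192.0.2.10",    "10.1.2.3, 198.51.100.23"),
        ("via proxy, genuine client", "192.0.2.10",    "10.1.2.3"),
    ]
    for name, peer, xff in cases:
        print(f"{name:28s} vulnerable={waf_skipped(peer, xff, False)!s:5} "
              f"hardened={waf_skipped(peer, xff, True)}")
```

The second constructed case is the one worth noting: even behind a correctly configured proxy, the pre-fix logic still bypasses the WAF, because the attacker's forged entry is leftmost and the proxy only appends. The hardened walk reaches the genuine client address first and never consults the forged one; the advisory's workaround of configuring no IgnoreIP/IgnoreCIDR at all removes the match entirely.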

Database specific
{
    "cwe_ids": [
        "CWE-693"
    ]
}
References

Affected packages

Git / github.com/wargio/naxsi

Affected ranges

Type
GIT
Repo
https://github.com/wargio/naxsi
Events

Affected versions

1.*

1.3
1.4
1.4rc1
1.5
1.5rc1