Serilog before v2.1.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/44xxx/CVE-2024-44930.json",
"cna_assigner": "mitre"
}{
"cpe": "cpe:2.3:a:serilog-contrib:serilog-enrichers-clientinfo:*:*:*:*:*:*:*:*",
"source": [
"DESCRIPTION",
"CPE_RANGE",
"REFERENCES"
],
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "v2.1.0"
},
{
"fixed": "2.1.0"
}
]
}