If you're relying on blocking access to localhost using the default 0.0.0.0
filter this can be bypassed using other registered loopback devices (like 127.0.0.2
- 127.127.127.127
)
You can block this bypass by manually adding the 127.0.0.0/8
CIDR range which will block access to any 127.X.X.X
ip instead of just 127.0.0.1
.
{ "nvd_published_at": "2024-09-18T17:15:19Z", "cwe_ids": [ "CWE-284", "CWE-918" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-09-18T17:42:05Z" }