GHSA-fjhg-3mrh-mm7h

Suggest an improvement
Source
https://github.com/advisories/GHSA-fjhg-3mrh-mm7h
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-fjhg-3mrh-mm7h/GHSA-fjhg-3mrh-mm7h.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-fjhg-3mrh-mm7h
Aliases
Published
2025-06-20T15:25:03Z
Modified
2025-06-27T23:26:05.225213Z
Severity
  • 8.8 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N CVSS Calculator
Summary
DNN.PLATFORM possibly allows bypass of IP Filters
Details

DNN.PLATFORM allows a specially crafted request or proxy to be created that would bypass the design of DNN Login IP Filters allowing login attempts from IP Adresses not in the allow list. This vulnerability is fixed in 10.0.1.

Database specific 
{
    "nvd_published_at": "2025-06-21T03:15:24Z",
    "severity": "HIGH",
    "github_reviewed_at": "2025-06-20T15:25:03Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-863"
    ]
}
References

Affected packages

NuGet / DNN.PLATFORM

Package

Name
DNN.PLATFORM
View open source insights on deps.dev
Purl
pkg:nuget/DNN.PLATFORM

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.0
Fixed
10.0.1

Affected versions

7.*

7.2.0
7.3.0
7.4.0

8.*

8.0.0

9.*

9.1.0
9.2.0
9.4.0
9.9.0