Vulnerability Details CVE-2024-44930
Serilog before v2.1.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 32.2%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2024-44930
-
cpe:2.3:a:serilog-contrib:serilog-enrichers-clientinfo:*