Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass
Vulnerability Description
Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers to bypass protection middleware by manipulating request headers. Attackers can hardcode consistent IP values across X-Forwarded-For, X-Client-IP, and X-Real-IP headers to circumvent security checks and gain unauthorized access.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
使用欺骗进行的认证绕过
Vulnerability Title
http-protection 安全漏洞
Vulnerability Description
http-protection是Rogério Zambon个人开发者的一个网络攻击防护库。 http-protection 0.2.0版本存在安全漏洞,该漏洞源于IP欺骗,可能导致攻击者绕过保护中间件并获取未经授权的访问。
CVSS Information
N/A
Vulnerability Type
N/A