Security Advisory

CVE-2020-37056

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-30 22:07:19

Last updated 2026-02-02 20:07:10

Assigner VulnCheck

State PUBLISHED

Description

Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers to bypass protection middleware by manipulating request headers. Attackers can hardcode consistent IP values across X-Forwarded-For, X-Client-IP, and X-Real-IP headers to circumvent security checks and gain unauthorized access.

← Browse all CVEs View on cve.org ↗