CVE-2020-37056
IP Spoofing in Crystal Shard http-protection 0.2.0 Enables Bypass
Publication date: 2026-01-30
Last updated on: 2026-01-30
Assigner: VulnCheck
Description
Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers to bypass protection middleware by manipulating request headers. Attackers can hardcode consistent IP values across X-Forwarded-For, X-Client-IP, and X-Real-IP headers to circumvent security checks and gain unauthorized access.
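The weakness class described above, as an added example written in Python; it is not code from the http-protection shard. `headers_agree` is an assumed model of a check that only compares the three headers with each other, and `client_ip` is one hardened alternative that starts from the socket peer address. The proxy network and all request values are constructed.

```python
import ipaddress

# Constructed: the only reverse proxies this application sits behind.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]

def _forwarded_hops(headers):
    """Split X-Forwarded-For into its comma-separated entries."""
    raw = headers.get("X-Forwarded-For", "")
    return [part.strip() for part in raw.split(",") if part.strip()]

def headers_agree(headers):
    """Assumed model of a consistency-only check: passes whenever the
    client-supplied headers do not contradict each other."""
    hops = _forwarded_hops(headers)
    for name in ("X-Client-IP", "X-Real-IP"):
        value = headers.get(name)
        if value and hops and value not in hops:
            return False
    return True

def is_trusted(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_PROXIES)

def client_ip(peer_addr, headers):
    """Hardened resolution: the TCP peer address is the source of truth;
    X-Forwarded-For is read only when the peer is a trusted proxy."""
    if not is_trusted(peer_addr):
        return peer_addr  # direct connection: every header is client-controlled
    # Walk right to left: the first hop that is not one of our proxies
    # is the address our own infrastructure actually saw.
    for hop in reversed(_forwarded_hops(headers)):
        try:
            if not is_trusted(hop):
                return hop
        except ValueError:
            break  # malformed entry: stop trusting the header
    return peer_addr

# Constructed request: all three headers carry the same value, sent directly
# from 203.0.113.50 without passing through a trusted proxy.
FORGED = {
    "X-Forwarded-For": "192.0.2.10",
    "X-Client-IP": "192.0.2.10",
    "X-Real-IP": "192.0.2.10",
}

if __name__ == "__main__":
    print("consistency check passes:", headers_agree(FORGED))
    print("resolved client address:", client_ip("203.0.113.50", FORGED))
```

The consistency check accepts the request because the three headers match each other, while the peer-based resolver ignores them and reports the connecting address.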
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| crystal_shard | http-protection | 0.2.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-290 | This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Crystal Shard http-protection 0.2.0 is an IP spoofing issue where attackers can manipulate request headers such as X-Forwarded-For, X-Client-IP, and X-Real-IP by hardcoding consistent IP values. This manipulation allows them to bypass the protection middleware's security checks.
How can this vulnerability impact me?
The vulnerability can allow attackers to circumvent security protections and gain unauthorized access to systems or resources by spoofing IP addresses in request headers, potentially leading to data breaches or other security incidents.