CVE-2020-37056
IP Spoofing in Crystal Shard http-protection 0.2.0 Enables Bypass

Publication date: 2026-01-30

Last updated on: 2026-01-30

Assigner: VulnCheck

Description
Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers to bypass protection middleware by manipulating request headers. Attackers can hardcode consistent IP values across X-Forwarded-For, X-Client-IP, and X-Real-IP headers to circumvent security checks and gain unauthorized access.
Meta Information
Published: 2026-01-30
Last Modified: 2026-01-30
Generated: 2026-06-16
AI Q&A: 2026-01-31
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Vendor: crystal_shard
Product: http-protection
Version / Range: 0.2.0
CWE
CWE-290: This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
Executive Summary

This vulnerability in Crystal Shard http-protection 0.2.0 is an IP spoofing issue where attackers can manipulate request headers such as X-Forwarded-For, X-Client-IP, and X-Real-IP by hardcoding consistent IP values. This manipulation allows them to bypass the protection middleware's security checks.

Impact Analysis

The vulnerability can allow attackers to circumvent security protections and gain unauthorized access to systems or resources by spoofing IP addresses in request headers, potentially leading to data breaches or other security incidents.
