How severe is CVE-2020-37056?

CVE-2020-37056 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2020-37056

9.8CRITICAL

Published: 1/30/2026Updated: 1/30/2026

Description

Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers to bypass protection middleware by manipulating request headers. Attackers can hardcode consistent IP values across X-Forwarded-For, X-Client-IP, and X-Real-IP headers to circumvent security checks and gain unauthorized access.

AI AnalysisPowered by AI

References

https://github.com/rogeriozambon/http-protection
https://www.exploit-db.com/exploits/48533
https://www.vulncheck.com/advisories/crystal-shard-http-protection-ip-spoofing-bypass