Product
high
advisory
Heimdall IP Spoofing via Unvalidated Forwarding Headers
2 rules 2 TTPsA high-severity vulnerability in dadrus/heimdall (versions <= 0.17.16) enables attackers to spoof client IP addresses by injecting unvalidated or malformed values into `Forwarded` or `X-Forwarded-For` HTTP headers, potentially bypassing access controls or propagating malicious IP data to upstream services when `trusted_proxies` is configured.
heimdall
ip-spoofing
access-bypass
web-application
github-advisory
2r
2t
high
threat
Heimdall Proxy Forwarded Header Injection via Unsanitized Host Header
1 rule 1 TTPAttackers can exploit Heimdall proxy versions <= 0.17.16 operating in proxy mode by injecting malicious values into the `Host` HTTP header, leading to the construction of a manipulated `Forwarded` header that can spoof client IP addresses for upstream services, potentially bypassing IP-based access controls.
exploited
Heimdall
header-injection
proxy
access-control-bypass
ip-spoofing
vulnerability
web
1r
1t