Tag: python

All the articles with the tag "python".

[CVE-2025-46814] FastAPI Guard’s X-Forwarded-For Handling Lets Attackers Impersonate Trusted IPs

6 May, 2025

Versions of the fastapi-guard authentication library prior to 2.0.0 trust the X-Forwarded-For header without proper validation. A single crafted request is enough to bypass IP allow-lists and poison audit logs.

[CVE-2025-46814] FastAPI Guard’s X-Forwarded-For Handling Lets Attackers Impersonate Trusted IPs