[CRITICAL] Knock Knock plugin IP Whitelist bypass via an X-Forwarded-For HTTP header

PKSA-m63z-24sm-jgzh CVE-2020-13485 GHSA-wxvr-qqm7-6h65

Affected package: verbb/knock-knock

Affected version: <1.2.8

Reported by:
GitHub