Filtered by vendor Rubyonrails
Filtered by product Web Console
Total: 1 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-3224 | 1 Rubyonrails | 1 Web Console | 2024-11-21 | N/A |

request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request.