Filtered by vendor Rubyonrails Subscriptions
Filtered by product Web Console Subscriptions
Total 1 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2015-3224 1 Rubyonrails 1 Web Console 2024-11-21 N/A
request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request.