Filtered by vendor Rubyonrails
Subscriptions
Filtered by product Web Console
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-3224 | 1 Rubyonrails | 1 Web Console | 2024-08-06 | N/A |
| request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request. | ||||
Page 1 of 1.