VYPR

RubyGems package

web-console

pkg:gem/web-console

Vulnerabilities (1)

  • CVE-2015-3224Jul 26, 2015
    affected < 2.1.3fixed 2.1.3

    request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted reque