VYPR

rpm package

opensuse/ruby3.2-rubygem-web-console&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/ruby3.2-rubygem-web-console&distro=openSUSE%20Tumbleweed

Vulnerabilities (1)

  • CVE-2015-3224Jul 26, 2015
    affected < 4.2.0-1.9fixed 4.2.0-1.9

    request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted reque