4 matches found
GHSA-67J6-XV27-W6WW Web Console (Ruby gem) contains whitelisted_ips bypass
request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request...
Web Console (Ruby gem) contains whitelisted_ips bypass
request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request...
CVE-2015-3224
request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request...
CVE-2015-3224
CVE-2015-3224 affects Ruby on Rails Web Console (Web Console) prior to 2.1.3 when used with Rails 3.x/4.x. The root cause is improper restriction of X-Forwarded-For headers, allowing remote bypass of the whitelisted_ips protection via a crafted request. Exploitation is demonstrated in public advi...