CVE-2015-3224
CVE-2015-3224 affects Ruby on Rails Web Console (Web Console) prior to 2.1.3 when used with Rails 3.x/4.x. The root cause is improper restriction of X-Forwarded-For headers, allowing remote bypass of the whitelisted_ips protection via a crafted request. Exploitation is demonstrated in public advi...