Rubyonrails: >> Web Console Security Vulnerabilities
request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request.
CVSS Score
4.3
EPSS Score
0.868
Published
2015-07-26