GHSA-82x2-g7vr-39wq

Published: Aug 13, 2018
Source: github
Github: Reviewed

Description

Moderate severity vulnerability that affects web-console

Withdrawn, accidental duplicate publish.

request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request.
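The flaw class described above, as an added example (not Web Console's own code): an IP allowlist check that takes the client address from X-Forwarded-For, beside a form that starts from the socket peer and accepts forwarded hops only from known proxies. The method names, the `ALLOWED_NETWORKS` and `TRUSTED_PROXIES` constants and all addresses are constructed for illustration.

```ruby
require "ipaddr"

# Constructed allowlist for the example, standing in for whitelisted_ips.
ALLOWED_NETWORKS = [IPAddr.new("127.0.0.0/8")].freeze
# Hypothetical reverse proxies whose X-Forwarded-For entries are accepted.
TRUSTED_PROXIES = [IPAddr.new("10.0.0.0/8")].freeze

# Parse an address string; nil for empty or malformed input.
def parse_ip(text)
  text = text.to_s.strip
  text.empty? ? nil : IPAddr.new(text)
rescue IPAddr::Error
  nil
end

def listed?(networks, ip)
  !ip.nil? && networks.any? { |net| net.include?(ip) }
end

# Weak form: the first X-Forwarded-For entry is supplied by the client,
# yet it is treated as the client's address.
def naive_client_ip(env)
  forwarded = env["HTTP_X_FORWARDED_FOR"].to_s.split(",").first
  parse_ip(forwarded || env["REMOTE_ADDR"])
end

# Hardened form: begin with the socket peer and walk X-Forwarded-For from
# right to left only while the current hop is a trusted proxy.
def strict_client_ip(env)
  hops = env["HTTP_X_FORWARDED_FOR"].to_s.split(",").map { |h| parse_ip(h) }
  ip = parse_ip(env["REMOTE_ADDR"])
  ip = hops.pop while listed?(TRUSTED_PROXIES, ip) && !hops.empty?
  ip
end

def allowed?(ip)
  listed?(ALLOWED_NETWORKS, ip)
end
```

With a request whose socket peer is outside the allowlist and whose header claims 127.0.0.1, `allowed?(naive_client_ip(env))` is true while `allowed?(strict_client_ip(env))` is false.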

Packages

Name: web-console (rubygems)
Affected versions: < 2.1.3
Fixed version: 2.1.3