Vulnerabilities > Rubyonrails > WEB Console > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-07-26 | CVE-2015-3224 | Improper Access Control vulnerability in Rubyonrails Web Console 2.1.2: request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request. | 4.3 |