CVE-2011-3187

Priority
Description
The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb
in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in
requests from IP addresses on a Class C network, which might allow remote
attackers to inject arbitrary text into log files or bypass intended
address parsing via a crafted header.
Notes
mdeslaur: looks like it's 3.x only
Package
Source: rails (LP Ubuntu Debian)
Upstream: needs-triage

Updated: 2020-01-29 19:42:13 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)