CVE-2011-3187 (retired)

Priority
Description
The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb
in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in
requests from IP addresses on a Class C network, which might allow remote
attackers to inject arbitrary text into log files or bypass intended
address parsing via a crafted header.
Notes
 mdeslaur> looks like it's 3.x only
Package
Source: rails (LP Ubuntu Debian)
Upstream: needs-triage
More Information

Updated: 2019-09-19 15:38:06 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)