CVE-2015-3224 Report
CVE
Ruby on Rails
Report
request.rb in Web Console before 2.1.3 does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request.
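
An added example, not Web Console's own code or its patch: a simplified model of the flaw described above, comparing an allow-list decision fed by the X-Forwarded-For header with one fed by the socket peer address, plus a check that flags requests where the header alone changes the outcome. The helper names, the loopback-only allow-list and the Rack-style sample environments are constructed assumptions.

```ruby
require "ipaddr"

# Constructed loopback-only allow-list standing in for whitelisted_ips.
ALLOWED_NETS = [IPAddr.new("127.0.0.0/8"), IPAddr.new("::1")].freeze

# True only when addr parses as an IP inside one of the allowed networks.
def allowed?(addr)
  return false if addr.nil? || addr.strip.empty?
  ip = IPAddr.new(addr.strip)
  ALLOWED_NETS.any? { |net| net.family == ip.family && net.include?(ip) }
rescue ArgumentError # IPAddr's parse errors derive from ArgumentError
  false
end

# Flawed pattern: the client sets this header, so it sets the result.
def ip_from_header(env)
  xff = env["HTTP_X_FORWARDED_FOR"]
  xff ? xff.split(",").first.to_s.strip : env["REMOTE_ADDR"]
end

# Hardened pattern: only the TCP peer address, which the client cannot set.
def ip_from_peer(env)
  env["REMOTE_ADDR"]
end

# Defender's check: true when the header alone turns a deny into an allow.
def header_grants_access?(env)
  allowed?(ip_from_header(env)) && !allowed?(ip_from_peer(env))
end

# Constructed Rack-style environments (203.0.113.7 is a documentation address).
LOCAL_DEV    = { "REMOTE_ADDR" => "127.0.0.1" }.freeze
REMOTE_PLAIN = { "REMOTE_ADDR" => "203.0.113.7" }.freeze
REMOTE_XFF   = { "REMOTE_ADDR" => "203.0.113.7",
                 "HTTP_X_FORWARDED_FOR" => "127.0.0.1" }.freeze

if __FILE__ == $PROGRAM_NAME
  samples = { "local" => LOCAL_DEV, "remote" => REMOTE_PLAIN,
              "remote+xff" => REMOTE_XFF }
  samples.each do |name, env|
    puts format("%-11s header-based=%-5s peer-based=%-5s flagged=%s", name,
                allowed?(ip_from_header(env)), allowed?(ip_from_peer(env)),
                header_grants_access?(env))
  end
end
```

The same comparison can be run over access logs that record both the peer address and the forwarded header to find requests whose allow-list outcome depended on the header.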