Floragasse 7 – 5th floor, 1040 Vienna

News

SBA master student discovers flaw in Ruby on Rails

Rails 3.0.5 doesn’t validate the input for the X-Forwarded-For field in the header sent by clients with a class C remote-addr. (see: TRUSTED_PROXIES). (Security Focus, more details…)