/
CVE-2009-4214.yml
32 lines (32 loc) · 1.39 KB
/
CVE-2009-4214.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
---
gem: rails
framework: rails
cve: 2009-4214
ghsa: 9p3v-wf2w-v29c
url: http://weblog.rubyonrails.org/2009/11/30/ruby-on-rails-2-3-5-released
title: Moderate severity XSS vulnerability that affects rails
date: 2017-10-24
description: |
Cross-site scripting (XSS) vulnerability in the strip_tags function
in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote
attackers to inject arbitrary web script or HTML via vectors involving
non-printing ASCII characters,related to HTML::Tokenizer and
actionpack/lib/action_controller/vendor/html-scanner/html/node.rb.
cvss_v2: 4.3
patched_versions:
- "~> 2.2.2"
- ">= 2.3.5"
related:
url:
- https://nvd.nist.gov/vuln/detail/CVE-2009-4214
- http://weblog.rubyonrails.org/2009/11/30/ruby-on-rails-2-3-5-released
- https://groups.google.com/g/rubyonrails-security/c/TU9x8q70wKs
- http://github.com/rails/rails/commit/bfe032858077bb2946abe25e95e485ba6da86bd5
- https://github.com/advisories/GHSA-9p3v-wf2w-v29c
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
- http://support.apple.com/kb/HT4077
- http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.htm
- http://www.debian.org/security/2011/dsa-2260
- http://www.debian.org/security/2011/dsa-2301
- http://www.openwall.com/lists/oss-security/2009/11/27/2
- http://www.openwall.com/lists/oss-security/2009/12/08/3