CVE-2009-4214
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2009-4214
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2009-4214.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2009-4214
- Aliases
- Downstream
- Published
- 2009-12-07T17:30:00Z
- Modified
- 2025-08-09T19:01:26Z
- Summary
- [none]
- Details
-
Cross-site scripting (XSS) vulnerability in the striptags function in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, related to HTML::Tokenizer and actionpack/lib/actioncontroller/vendor/html-scanner/html/node.rb.
- References
-
- http://secunia.com/advisories/37446
- http://secunia.com/advisories/38915
- http://www.debian.org/security/2011/dsa-2260
- http://www.debian.org/security/2011/dsa-2301
- http://www.vupen.com/english/advisories/2009/3352
- http://weblog.rubyonrails.org/2009/11/30/ruby-on-rails-2-3-5-released
- http://github.com/rails/rails/commit/bfe032858077bb2946abe25e95e485ba6da86bd5
- http://www.securityfocus.com/bid/37142
- http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
- http://support.apple.com/kb/HT4077
- http://www.openwall.com/lists/oss-security/2009/11/27/2
- http://www.openwall.com/lists/oss-security/2009/12/08/3
- http://www.securitytracker.com/id?1023245