Candidate: CVE-2009-3009
PublicDate: 2009-09-08 18:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3009
Description:
 Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3,
 and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web
 script or HTML by placing malformed Unicode strings into a form helper.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_rails:
upstream_rails: released (2.2.3)
dapper_rails: ignored (reached end-of-life)
hardy_rails: ignored (reached end-of-life)
intrepid_rails: needed (reached end-of-life)
jaunty_rails: ignored (reached end-of-life)
karmic_rails: not-affected (2.2.3-1)
lucid_rails: not-affected (2.2.3-1)
maverick_rails: not-affected (2.2.3-1)
natty_rails: not-affected (2.2.3-1)
devel_rails: not-affected (2.2.3-1)