Candidate: CVE-2009-4214
PublicDate: 2009-12-07 17:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4214
Description:
 Cross-site scripting (XSS) vulnerability in the strip_tags function in Ruby
 on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to
 inject arbitrary web script or HTML via vectors involving non-printing
 ASCII characters, related to HTML::Tokenizer and
 actionpack/lib/action_controller/vendor/html-scanner/html/node.rb.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_rails:
 vendor: http://www.debian.org/security/2011/dsa-2301
upstream_rails: released (2.3.5)
dapper_rails: ignored (reached end-of-life)
hardy_rails: ignored (reached end-of-life)
intrepid_rails: needed (reached end-of-life)
jaunty_rails: ignored (reached end-of-life)
karmic_rails: ignored (reached end-of-life)
lucid_rails: not-affected (2.2.3-2)
maverick_rails: not-affected (2.3.5-1)
natty_rails: not-affected (2.3.5-1)
devel_rails: not-affected (2.3.5-1)