CVE-2009-4214

Name of the Vulnerable Software and Affected Versions Ruby on Rails versions prior to 2.2.s Ruby on Rails versions 2.3.x prior to 2.3.5

Description A cross-site scripting (XSS) issue exists due to a vulnerability in the strip tags function, allowing remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters. This issue is related to HTML::Tokenizer and the html-scanner module in actionpack/lib/action controller/vendor/html-scanner/html/node.rb.

Recommendations For Ruby on Rails versions prior to 2.2.s, update to version 2.2.s or later to resolve the issue. For Ruby on Rails versions 2.3.x prior to 2.3.5, update to version 2.3.5 or later to resolve the issue.