CVE-2009-4214

Common Vulnerabilities and Exposures

Upstream information

CVE-2009-4214 at MITRE

Description

Cross-site scripting (XSS) vulnerability in the strip_tags function in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, related to HTML::Tokenizer and actionpack/lib/action_controller/vendor/html-scanner/html/node.rb.

NVD CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Novell/SUSE information

Novell Bugzilla entry: 558879

SUSE Security Advisories:

List of released packages

| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Linux Enterprise SDK 11 GA | rubygem-actionpack-2_1 >= 2.1.2-1.4.1 | sle11-sdk.ia64, sle11-sdk.x86-64, sle11-sdk.s390x, sle11-sdk.x86, sle11-sdk.ppc; SAT Patch Nr: 1936 |
| openSUSE 11.0 | rubygem-actionpack >= 1.13.5-71.4 | |
| openSUSE 11.1 | rubygem-actionpack >= 2.1.1-2.6.1; rubygem-actionpack-2_1 >= 2.1.1-2.25.1 | |
| openSUSE 11.2 | rubygem-actionpack >= 2.3.2-2.2.1 | |
| SUSE Linux Enterprise SDK 10 SP2 | rubygem-actionpack-2_0 >= 2.0.2-0.8.2 | sle10-sp2-sdk.x86, sle10-sp2-sdk.s390x, sle10-sp2-sdk.ia64, sle10-sp2-sdk.x86-64, sle10-sp2-sdk.ppc; ZYPP Patch Nr: 6872 |
| SUSE Lifecycle Management Server, SUSE Studio Onsite, SUSE Webyast | rubygem-actionpack-2_3 >= 2.3.4-0.5.1 | slms1.x86-64; SAT Patch Nr: 2001 |
| SUSE Linux Enterprise SDK 10 SP3 | rubygem-actionpack-2_0 >= 2.0.2-0.9.1 | sle10-sp3-sdk.ia64, sle10-sp3-sdk.ppc, sle10-sp3-sdk.x86, sle10-sp3-sdk.s390x, sle10-sp3-sdk.x86-64; ZYPP Patch Nr: 6874 |
| SUSE Linux Enterprise SDK 10 SP2 | rubygem-actionpack-1_12 >= 1.12.5-0.8.1 | sle10-sp2-sdk.x86-64, sle10-sp2-sdk.x86, sle10-sp2-sdk.ppc, sle10-sp2-sdk.s390x, sle10-sp2-sdk.ia64; ZYPP Patch Nr: 6877 |
| openSUSE 11.2 | rubygem-actionpack-2_3 >= 2.3.2-4.4.1 | |
| SUSE Linux Enterprise SDK 10 SP3 | rubygem-actionpack-1_12 >= 1.12.5-0.8.1 | sle10-sp3-sdk.x86, sle10-sp3-sdk.ppc, sle10-sp3-sdk.ia64, sle10-sp3-sdk.s390x, sle10-sp3-sdk.x86-64; ZYPP Patch Nr: 6878 |

© 2014 Novell