Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:gem/rails@2.3

Type gem

Namespace

Name rails

Version 2.3

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 6.1.7.7

Latest_non_vulnerable_version 7.1.3.1

Affected_by_vulnerabilities

url VCID-7g2f-y978-hqgr

vulnerability_id VCID-7g2f-y978-hqgr

summary

Moderate severity vulnerability that affects rails
Cross-site scripting (XSS) vulnerability in the strip_tags function in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, related to HTML::Tokenizer and actionpack/lib/action_controller/vendor/html-scanner/html/node.rb.

references

reference_url

http://github.com/rails/rails

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://github.com/rails/rails

reference_url

http://github.com/rails/rails/commit/bfe032858077bb2946abe25e95e485ba6da86bd5

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://github.com/rails/rails/commit/bfe032858077bb2946abe25e95e485ba6da86bd5

reference_url

http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1

reference_url

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4214.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4214.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2009-4214

reference_id

reference_type

scores

value	0.01632
scoring_system	epss
scoring_elements	0.8221
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2009-4214

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4214
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4214

reference_url

http://secunia.com/advisories/37446

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/37446

reference_url

http://secunia.com/advisories/38915

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/38915

reference_url

https://github.com/advisories/GHSA-9p3v-wf2w-v29c

reference_id

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-9p3v-wf2w-v29c

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-4214.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-4214.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2009-4214

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2009-4214

reference_url

http://support.apple.com/kb/HT4077

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://support.apple.com/kb/HT4077

reference_url

http://weblog.rubyonrails.org/2009/11/30/ruby-on-rails-2-3-5-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2009/11/30/ruby-on-rails-2-3-5-released

reference_url

http://www.debian.org/security/2011/dsa-2260

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2011/dsa-2260

reference_url

http://www.debian.org/security/2011/dsa-2301

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2011/dsa-2301

reference_url

http://www.openwall.com/lists/oss-security/2009/11/27/2

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2009/11/27/2

reference_url

http://www.openwall.com/lists/oss-security/2009/12/08/3

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2009/12/08/3

reference_url

http://www.securityfocus.com/bid/37142

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/37142

reference_url

http://www.securitytracker.com/id?1023245

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securitytracker.com/id?1023245

reference_url

http://www.vupen.com/english/advisories/2009/3352

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.vupen.com/english/advisories/2009/3352

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=542786
reference_id	542786
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=542786

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685
reference_id	558685
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685

reference_url	https://security.gentoo.org/glsa/200912-02
reference_id	GLSA-200912-02
reference_type
scores
url	https://security.gentoo.org/glsa/200912-02

fixed_packages

url pkg:gem/rails@2.3.5

purl pkg:gem/rails@2.3.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-42t7-kbeq-eqcm

vulnerability	VCID-5t76-mwx9-8kc8

vulnerability	VCID-6z21-pd9d-pfgk

vulnerability	VCID-7g2f-y978-hqgr

vulnerability	VCID-832g-x9kb-3bbx

vulnerability	VCID-ejgq-s79w-abd6

vulnerability	VCID-fr3w-ejk8-47gw

vulnerability	VCID-g13k-qvy7-q3fk

vulnerability	VCID-g2a6-uem4-uuce

vulnerability	VCID-hh65-ycrj-d7gz

vulnerability	VCID-hmy5-ekrx-1ucn

vulnerability	VCID-k6aw-heeb-wke2

vulnerability	VCID-q1rj-sqa4-q3b4

vulnerability	VCID-q4zs-hq6a-ayf6

vulnerability	VCID-tjcm-cvtx-jbgt

vulnerability	VCID-usyz-95tu-hyca

vulnerability	VCID-vs1a-m7ya-rue8

vulnerability	VCID-w8ez-zf1z-qubq

vulnerability	VCID-wm9p-z4n1-t7cs

vulnerability	VCID-z16b-zfgu-13a9

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@2.3.5

aliases CVE-2009-4214, GHSA-9p3v-wf2w-v29c

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7g2f-y978-hqgr

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@2.3

Package Instance