Package details: pkg:gem/rails@2.3
purl pkg:gem/rails@2.3
Tags Ghost
Next non-vulnerable version 6.1.7.7
Latest non-vulnerable version 7.1.3.1
Risk 3.1
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-gsx2-9sc2-3fbr
Aliases:
CVE-2009-4214
GHSA-9p3v-wf2w-v29c
Moderate severity vulnerability that affects rails.
Cross-site scripting (XSS) vulnerability in the strip_tags function in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, related to HTML::Tokenizer and actionpack/lib/action_controller/vendor/html-scanner/html/node.rb.
2.3.5
Affected by 20 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T15:18:26.616797+00:00 Ruby Importer Affected by VCID-gsx2-9sc2-3fbr https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-4214.yml 38.0.0