CVE-2009-4214: Moderate severity vulnerability that affects rails
CVSS Score: 4.3
Basic Information
CVE ID
GHSA ID
EPSS Score: 0.81078%
CWE
Published: 10/24/2017
Updated: 11/9/2023
KEV Status: No
Technology: Ruby
Technical Details
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
rails | rubygems | < 2.2.2 | 2.2.2 |
rails | rubygems | >= 2.3.0, < 2.3.5 | 2.3.5 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from how `HTML::Tokenizer` handles non-printable characters in tag names. The critical change in `node.rb` modifies the regular expression that identifies HTML tag names during parsing. The original regex `[\w:-]+` did not account for non-printing characters (the `\x00-\x1f` range), so attackers could craft tags containing these characters that bypassed sanitization. This parse method is directly responsible for tokenizing HTML input for `strip_tags`, which makes it the core vulnerable function. The test case added in `sanitizer_test.rb` demonstrates how non-printable characters could be used to create valid tags that should be stripped.
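The effect of the tag-name pattern can be reproduced with a simplified model, added here as an illustration and not taken from the Rails source. `tokenize`, `tag?`, `strip_tags_demo`, `suspicious_tokens` and the widened pattern `WIDENED_NAME` are hypothetical names and assumptions; only `[\w:-]+` comes from the analysis above.

```ruby
require "strscan"

# Tag-name pattern quoted in the analysis as the original one in node.rb.
ORIGINAL_NAME = /[\w:-]+/
# Illustrative widened pattern (assumption, not the actual Rails patch):
# it also accepts the \x00-\x1f range the analysis says was missed.
WIDENED_NAME = /[\w:\-\x00-\x1f]+/

# Split input into "<...>" candidates and runs of plain text.
def tokenize(html)
  html.scan(/<[^>]*>|[^<]+|</)
end

# A "<...>" token counts as a tag only if, after "<" and an optional "/",
# the name pattern matches at the current scanner position.
def tag?(token, name_pattern)
  s = StringScanner.new(token)
  return false unless s.scan(/</)
  s.scan(%r{/})
  !s.scan(name_pattern).nil?
end

# Simplified strip_tags: keep every token that was not classified as a tag.
def strip_tags_demo(html, name_pattern)
  tokenize(html).reject { |t| tag?(t, name_pattern) }.join
end

# Defensive check: list tokens where "<" (or "</") is followed directly by a
# control character, which ORIGINAL_NAME would let through as plain text.
def suspicious_tokens(html)
  tokenize(html).select { |t| t.match?(/\A<\/?[\x00-\x1f]/) }
end

# Constructed sample: one tag pair whose name starts with \x01, one normal pair.
SAMPLE = "a<\x01b>c</\x01b>d <i>e</i>"

if __FILE__ == $PROGRAM_NAME
  p strip_tags_demo(SAMPLE, ORIGINAL_NAME) # control-character tags survive
  p strip_tags_demo(SAMPLE, WIDENED_NAME)  # all tags removed
  p suspicious_tokens(SAMPLE)
end
```

A check like `suspicious_tokens` is useful as a regression test input generator when validating that an application runs one of the patched versions listed in the table.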