
CVE-2009-4214: Moderate severity vulnerability that affects rails

CVSS Score
4.3

Basic Information

EPSS Score
0.81078%
Published
10/24/2017
Updated
11/9/2023
KEV Status
No
Technology
Ruby

Technical Details

CVSS Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Package Name   Ecosystem   Vulnerable Versions   First Patched Version
rails          rubygems    < 2.2.2               2.2.2
rails          rubygems    >= 2.3.0, < 2.3.5     2.3.5

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from HTML::Tokenizer's handling of non-printable characters in tag names. The critical change in node.rb modifies the regular expression that identifies HTML tag names during parsing. The original regex [\w:-]+ did not account for non-printing characters (the \x00-\x1f range), so a tag whose name contained such a character was not recognised as a tag and passed through sanitization unchanged. This parse method is directly responsible for tokenizing HTML input for strip_tags, making it the core vulnerable function. The test case added in sanitizer_test.rb demonstrates how non-printable characters could be used to create tags that should be stripped but were not.
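To make the root cause concrete, here is an added example (written for this page, not code from Rails or from Miggo) of a miniature tag scanner with the same shape as the tokenizer described above: every "<" is tried against a tag-name pattern, a match is treated as a tag and dropped, and a non-match is kept as literal text. The legacy pattern [\w:-]+ is the one quoted on this page; the hardened pattern and the control_char_tag? detection helper are assumptions of this example, not the exact Rails patch.

```ruby
require "strscan"

# Pattern quoted on this page as the pre-fix tag-name matcher.
LEGACY_TAG_NAME = /[\w:-]+/

# Hardened pattern (an assumption for this example, not the exact Rails patch):
# any run of characters up to whitespace, "!", ">" or "/" counts as the tag
# name, so a name that begins with a control character is still seen as a tag.
HARDENED_TAG_NAME = %r{[^\s!>/]+}

# Simplified strip_tags: drops every construct the tag-name pattern recognises
# as a tag and keeps everything else as text. This mirrors the behaviour that
# let control characters slip through: an unrecognised "<...>" is just text.
def strip_tags(html, tag_name_re)
  s = StringScanner.new(html)
  out = +""
  until s.eos?
    if s.scan(/</)
      start = s.pos - 1
      s.scan(%r{/})                        # optional closing-tag slash
      if s.scan(tag_name_re) && s.scan_until(/>/)
        next                               # recognised tag: drop through ">"
      end
      s.pos = start + 1                    # not a tag: emit "<" as text
      out << "<"
    else
      out << s.getch
    end
  end
  out
end

# Detection-side check (added here): flag a "<" or "</" immediately followed
# by a control character in the \x00-\x1f range, which no legitimate tag name
# begins with. Useful as a simple input-validation or WAF-style signal.
def control_char_tag?(html)
  html.match?(%r{</?[\x00-\x1f]})
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input: a tag whose name starts with a control character.
  sample = "<\x01b>text</b>"
  puts strip_tags(sample, LEGACY_TAG_NAME).inspect    # tag survives
  puts strip_tags(sample, HARDENED_TAG_NAME).inspect  # tag removed
  puts control_char_tag?(sample)                      # true
end
```

With the legacy pattern the control character stops the tag-name match, so the scanner treats the whole "<\x01b>" as text and returns it untouched; with the hardened pattern the same input is recognised as a tag and stripped. The detection helper gives a defender a cheap way to spot this class of input before it reaches a sanitizer whose tokenizer may still have the old behaviour.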


WAF Protection Rules

WAF Rule

Cross-site scripting (XSS) vulnerability in the strip_tags function in Ruby on Rails before 2.2.2, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, related to
