CVE-2011-2931: actionpack Cross-site Scripting vulnerability
4.3
CVSS Score
Basic Information
CVE ID
GHSA ID
EPSS Score
0.73282%
CWE
Published
10/24/2017
Updated
11/10/2023
KEV Status
No
Technology
Ruby
Technical Details
CVSS Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
actionpack | rubygems | >= 2.0.0, < 2.3.13 | 2.3.13 |
actionpack | rubygems | >= 3.0.0, < 3.0.10 | 3.0.10 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stemmed from the HTML parser's handling of tag names in the `Node.parse` method. The original regex (`/[\w:-]+/`) matched only valid tag-name characters, so a tag whose name began with an invalid character was treated as a text node rather than stripped. Attackers could craft tags with invalid characters (e.g., `<" <img...>`) that bypassed the filter. The patch replaced the regex with `/[^\s!>/]+/`, which accepts any run of characters other than whitespace, `!`, `>` or `/` as a tag name, so such malformed tags are parsed as tags and stripped. The test case added in sanitizer_test.rb demonstrates this fix by verifying that a tag with an invalid name and an embedded XSS payload is removed.
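The effect of the two patterns can be compared side by side. This is an added example, not Rails code: `classify`, `strip`, `demo` and `SAMPLE` are hypothetical names, the token list is constructed, and the logic is a simplified model of the tag-name step described above. It assumes the malformed tag reaches the parser as a single token.

```ruby
require 'strscan'

# Tag-name patterns quoted in the analysis above.
OLD_NAME = /[\w:-]+/        # before the patch
NEW_NAME = %r{[^\s!>/]+}    # after the patch, written with %r{} so "/" needs no escape

# Simplified model (assumption) of the tag-name step: returns [:tag, name]
# when a name can be scanned after "<" or "</", otherwise [:text, token].
def classify(token, name_re)
  scanner = StringScanner.new(token)
  return [:text, token] unless scanner.skip(/</)
  scanner.skip(%r{/})                  # optional slash of a closing tag
  name = scanner.scan(name_re)         # anchored at the current position
  name ? [:tag, name.downcase] : [:text, token]
end

# Hypothetical tag stripper: drops tag tokens, keeps text tokens verbatim.
def strip(tokens, name_re)
  tokens.map { |t| classify(t, name_re) }
        .select { |kind, _| kind == :text }
        .map { |_, text| text }
        .join
end

# Constructed sample tokens; the second one has an invalid tag name.
SAMPLE = ['before ', '<" <img src="x.gif">', ' after', '<b>', 'bold', '</b>'].freeze

# Output of the stripper under each pattern.
def demo
  { old: strip(SAMPLE, OLD_NAME), new: strip(SAMPLE, NEW_NAME) }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

With the old pattern the malformed token is classified as text and survives stripping with its embedded markup intact; with the patched pattern it is classified as a tag and dropped.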