CVE-2011-2931: actionpack Cross-site Scripting vulnerability

CVSS Score: 4.3

Basic Information

EPSS Score: 0.73282%
Published: 10/24/2017
Updated: 11/10/2023
KEV Status: No
Technology: Ruby

Technical Details

CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
actionpack | rubygems | >= 2.0.0, < 2.3.13 | 2.3.13
actionpack | rubygems | >= 3.0.0, < 3.0.10 | 3.0.10

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stemmed from the HTML parser's handling of tag names in the Node.parse method. The original regex (/[\w:-]+/) only matched valid tag name characters, causing invalid tags to be treated as text nodes rather than stripped. Attackers could craft tags with invalid characters (e.g., <" <img...>) that bypassed the filter. The patch replaced the regex with /[^\s!>/]+/ to explicitly exclude invalid characters, ensuring such tags are stripped. The test case added in sanitizer_test.rb demonstrates this fix by verifying that a tag with an invalid name and embedded XSS payload is removed.
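
The effect of the regex change described above can be reproduced with a simplified model of the name-scan step. This is an added example, not the Rails source or the patch itself: the helpers `classify` and `strip`, the pre-tokenised input, and the sample tokens are assumptions constructed for illustration.

```ruby
require "strscan"

# Tag-name patterns quoted in the root cause analysis above.
# The "/" inside the character class is escaped so the literal parses in Ruby.
OLD_NAME = /[\w:-]+/
NEW_NAME = /[^\s!>\/]+/

# Simplified model of the name-scan step (hypothetical helper, not Rails code):
# returns :tag when the token is recognised as a tag, :text otherwise.
def classify(token, name_re)
  return :text unless token =~ /\A<\S/   # not tag-like at all
  scanner = StringScanner.new(token)
  scanner.skip(/</)
  scanner.skip(/\//)                     # optional closing slash
  scanner.scan(name_re) ? :tag : :text
end

# Simplified strip step: text nodes are kept verbatim, tag nodes are dropped.
def strip(tokens, name_re)
  tokens.select { |t| classify(t, name_re) == :text }.join
end

# Constructed, pre-tokenised sample input (benign markup only).
# The fifth token has a tag name that starts with an invalid character.
SAMPLE = ["Hello ", "<b>", "world", "</b>", "<\"x>", "!"]

def demo
  { old: strip(SAMPLE, OLD_NAME), new: strip(SAMPLE, NEW_NAME) }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

With the old pattern the malformed token survives stripping as literal text, which is the behaviour the patch removes; with the new pattern it is classified as a tag and dropped.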
