CVE-2009-3009 activesupport

Package

Manager: gem
Name: activesupport
Vulnerable Version: >=2.0.0 <2.2.3 || >=2.3.0 <2.3.4

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:H/RL:U/RC:R

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.01632 (percentile: 0.81193)

Details

Cross site scripting that affects rails

Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper.

Metadata

Created: 2017-10-24T18:33:38Z
Modified: 2025-04-09T19:51:09Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-8qrh-h9m2-5fvf/GHSA-8qrh-h9m2-5fvf.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-8qrh-h9m2-5fvf
Finding: F425
Auto approve: 1