# File lib/brakeman/checks/check_strip_tags.rb, line 25
  def cve_2011_2931
    if version_between?('2.0.0', '2.3.12') or version_between?('3.0.0', '3.0.9')
      if rails_version =~ /^3/
        message = msg("Versions before 3.0.10 have a vulnerability in ", msg_code("strip_tags"), " ", msg_cve("CVE-2011-2931"))
      else
        message = msg("Versions before 2.3.13 have a vulnerability in ", msg_code("strip_tags"), " ", msg_cve("CVE-2011-2931"))
      end

      warn :warning_type => "Cross-Site Scripting",
        :warning_code => :CVE_2011_2931,
        :message => message,
        :gem_info => gemfile_or_environment,
        :confidence => :high,
        :link_path => "https://groups.google.com/d/topic/rubyonrails-security/K5EwdJt06hI/discussion"
    end
  end