def cve_2011_2931
if version_between?('2.0.0', '2.3.12') or version_between?('3.0.0', '3.0.9')
if rails_version =~ /^3/
message = msg("Versions before 3.0.10 have a vulnerability in ", msg_code("strip_tags"), " ", msg_cve("CVE-2011-2931"))
else
message = msg("Versions before 2.3.13 have a vulnerability in ", msg_code("strip_tags"), " ", msg_cve("CVE-2011-2931"))
end
warn :warning_type => "Cross-Site Scripting",
:warning_code => :CVE_2011_2931,
:message => message,
:gem_info => gemfile_or_environment,
:confidence => :high,
:link_path => "https://groups.google.com/d/topic/rubyonrails-security/K5EwdJt06hI/discussion"
end
end