PT-2014-2488 · Ruby · Dragonfly+1

Published: 2014-06-09 · Updated: 2018-08-13 · CVE-2013-1756

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Dragonfly gem versions 0.7 through 0.8.5
Dragonfly gem versions 0.9.x through 0.9.12

Description

The issue allows remote attackers to execute arbitrary code via a crafted request when the Dragonfly gem is used with Ruby on Rails.

Recommendations

For Dragonfly gem versions 0.7 through 0.8.5, update to version 0.8.6 or later.
For Dragonfly gem versions 0.9.x through 0.9.12, update to version 0.9.13 or later.
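
To apply the recommendation to a project, the following added example (not part of the advisory or of Dragonfly's own code) reads the resolved dragonfly version from a Gemfile.lock and reports the minimum fixed release. The function names and the sample lockfile are constructed for illustration, and the check treats everything from the start of an affected range up to, but excluding, the fixed release as affected.

```ruby
require "rubygems" # provides Gem::Version for correct version ordering

# Affected ranges and fixed releases, taken from the advisory text above.
AFFECTED = [
  { from: "0.7",   fixed: "0.8.6"  },  # 0.7 through 0.8.5
  { from: "0.9.0", fixed: "0.9.13" }   # 0.9.x through 0.9.12
].freeze

# Returns the minimum fixed version if `version` is affected, otherwise nil.
def dragonfly_fix_for(version)
  v = Gem::Version.new(version)
  hit = AFFECTED.find do |r|
    v >= Gem::Version.new(r[:from]) && v < Gem::Version.new(r[:fixed])
  end
  hit && hit[:fixed]
end

# Resolved gems sit at exactly four spaces of indentation under "specs:".
# Deeper lines are dependency constraints and DEPENDENCIES entries use two
# spaces, so neither is mistaken for the installed version.
def locked_dragonfly_version(lockfile_text)
  m = lockfile_text.match(/^ {4}dragonfly \(([^)\s]+)\)\s*$/)
  m && m[1]
end

def audit_lockfile(lockfile_text)
  version = locked_dragonfly_version(lockfile_text)
  return { status: :not_present } unless version
  fix = dragonfly_fix_for(version)
  return { status: :not_affected, version: version } unless fix
  { status: :affected, version: version, upgrade_to: fix }
end

# Constructed sample lockfile, used when no path is given on the command line.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      dragonfly (0.9.12)
        rack
      rack (1.4.5)

  DEPENDENCIES
    dragonfly (~> 0.9.12)
LOCK

if $PROGRAM_NAME == __FILE__
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  p audit_lockfile(text)
end
```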

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2013-1756
GHSA-P463-639R-Q9G9

Affected Products

Dragonfly
Ruby On Rails