Dragonfly Code Injection vulnerability

GHSA-p463-639r-q9g9 · CVE-2013-1756

Published Oct 24, 2017 · Modified Apr 14, 2025

Description

The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2013-1756
WEB https://github.com/markevans/dragonfly/commit/a8775aacf9e5c81cf11bec34b7afa7f27ddfe277
WEB https://exchange.xforce.ibmcloud.com/vulnerabilities/82476
PACKAGE https://github.com/markevans/dragonfly
WEB https://groups.google.com/forum/?fromgroups=#!topic/dragonfly-users/3c3WIU3VQTo
WEB https://web.archive.org/web/20200229103538/http://www.securityfocus.com/bid/58225

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes