GHSA-p463-639r-q9g9

Source
https://github.com/advisories/GHSA-p463-639r-q9g9
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-p463-639r-q9g9/GHSA-p463-639r-q9g9.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-p463-639r-q9g9
Aliases
  • CVE-2013-1756
Published
2017-10-24T18:33:37Z
Modified
2024-11-30T05:25:25.248301Z
Summary
Dragonfly Code Injection vulnerability
Details

The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request.

Database specific
{
    "nvd_published_at": "2014-06-09T19:55:06Z",
    "cwe_ids": [
        "CWE-94"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:47:55Z"
}
References

Affected packages

RubyGems / dragonfly

Package

Name
dragonfly
Purl
pkg:gem/dragonfly

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.7
Fixed
0.8.6

Affected versions

0.*

0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.7.6
0.7.7
0.8.0
0.8.1
0.8.2
0.8.4
0.8.5

RubyGems / dragonfly

Package

Name
dragonfly
Purl
pkg:gem/dragonfly

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.9
Fixed
0.9.13

Affected versions

0.*

0.9.0
0.9.1
0.9.2
0.9.3
0.9.4
0.9.5
0.9.8
0.9.9
0.9.10
0.9.11
0.9.12