Vulnerability Description
The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mark Evans | Dragonfly Gem | 0.7.0 |
| Ruby On Rails | Ruby On Rails | All versions |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/52380
- http://www.securityfocus.com/bid/58225
- https://exchange.xforce.ibmcloud.com/vulnerabilities/82476
- https://github.com/markevans/dragonfly/commit/a8775aacf9e5c81cf11bec34b7afa7f27dVendor Advisory
- https://groups.google.com/forum/?fromgroups=#%21topic/dragonfly-users/3c3WIU3VQT
- http://secunia.com/advisories/52380
- http://www.securityfocus.com/bid/58225
- https://exchange.xforce.ibmcloud.com/vulnerabilities/82476
- https://github.com/markevans/dragonfly/commit/a8775aacf9e5c81cf11bec34b7afa7f27dVendor Advisory
- https://groups.google.com/forum/?fromgroups=#%21topic/dragonfly-users/3c3WIU3VQT
FAQ
What is CVE-2013-1756?
CVE-2013-1756 is a vulnerability with a CVSS score of 7.5 (HIGH). The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request.
How severe is CVE-2013-1756?
CVE-2013-1756 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-1756?
Check the references section above for vendor advisories and patch information. Affected products include: Mark Evans Dragonfly Gem, Ruby On Rails Ruby On Rails.