CVE-2013-1756 (fog-dragonfly): Dragonfly Gem for Ruby Crafted Request Parsing Remote Code Execution

February 19th, 2013

ADVISORIES

CVE-2013-1756 (NVD)
OSVDB-90647

GEM

fog-dragonfly

SEVERITY

CVSS v2.0: 7.5 (High)

UNAFFECTED VERSIONS

< 0.7.0

PATCHED VERSIONS

>= 0.9.14

DESCRIPTION

Dragonfly Gem for Ruby contains a flaw that is triggered during the parsing of a specially crafted request. This may allow a remote attacker to execute arbitrary code.

This gem has been renamed. Please use "dragonfly" from now on.

RubySec