Dragonfly Gem for Ruby Crafted Request Parsing Remote Code Execution
Published: February 19, 2013
SECURITY IDENTIFIERS
- CVE: CVE-2013-1756 (NVD)
- OSVDB: OSVDB-90647
GEM
SEVERITY
CVSS v2.0: 7.5 (High)
UNAFFECTED VERSIONS
< 0.7.0
PATCHED VERSIONS
>= 0.9.14
DESCRIPTION
The Dragonfly gem for Ruby contains a flaw that is triggered when it parses a specially crafted request. This may allow a remote attacker to execute arbitrary code.
This gem has been renamed. Please use "dragonfly" from now on.
