RubySec

Providing security resources for the Ruby community

CVE-2013-1756 (fog-dragonfly): Dragonfly Gem for Ruby Crafted Request Parsing Remote Code Execution

GEM

fog-dragonfly

SEVERITY

CVSS v2: 7.5 (High)

UNAFFECTED VERSIONS

  • < 0.7.0

PATCHED VERSIONS

  • >= 0.9.14

DESCRIPTION

Dragonfly Gem for Ruby contains a flaw that is triggered during the parsing of a specially crafted request. This may allow a remote attacker to execute arbitrary code.

This gem has been renamed. Please use “dragonfly” from now on.
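To check whether a project is pinned to an affected release, the version ranges above can be applied to a `Gemfile.lock`. The script below is an added example, not code from RubySec or the Dragonfly project. The helper names and the sample lockfile are constructed for illustration, and it covers only the `fog-dragonfly` name, since this advisory gives no ranges for the renamed `dragonfly` gem.

```ruby
require "rubygems"

# Version ranges copied from this advisory; all other names are hypothetical.
GEM_NAME   = "fog-dragonfly"
UNAFFECTED = Gem::Requirement.new("< 0.7.0")
PATCHED    = Gem::Requirement.new(">= 0.9.14")

# Classify one version string against the advisory's ranges.
def classify(version_string)
  version = Gem::Version.new(version_string)
  return :unaffected if UNAFFECTED.satisfied_by?(version)
  return :patched if PATCHED.satisfied_by?(version)
  :vulnerable
end

# Return [version, status] for every resolved fog-dragonfly entry.
# Resolved specs in a Gemfile.lock are indented exactly four spaces;
# deeper lines are dependency constraints and are skipped.
def audit_lockfile(text)
  text.each_line.filter_map do |line|
    m = line.match(/\A {4}(\S+) \(([^)\s]+)\)\s*\z/) or next
    name, version = m[1], m[2]
    next unless name == GEM_NAME && Gem::Version.correct?(version)
    [version, classify(version)]
  end
end

# Constructed sample lockfile, not taken from a real project.
SAMPLE_LOCKFILE = <<LOCK
GEM
  remote: https://rubygems.org/
  specs:
    fog-dragonfly (0.8.2)
      rack
    rack (1.4.5)

DEPENDENCIES
  fog-dragonfly
LOCK

if __FILE__ == $PROGRAM_NAME
  audit_lockfile(SAMPLE_LOCKFILE).each do |version, status|
    puts "#{GEM_NAME} #{version}: #{status}"
  end
end
```

A `:vulnerable` result means the pinned version falls in neither the unaffected nor the patched range listed above.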