RubySec

Providing security resources for the Ruby community

CVE-2013-5671 (fog-dragonfly): fog-dragonfly Gem for Ruby imagemagickutils.rb Remote Command Execution

GEM

fog-dragonfly

SEVERITY

CVSS v2: 7.5

PATCHED VERSIONS

  • >= 0.8.4

DESCRIPTION

The fog-dragonfly gem for Ruby contains a flaw: it fails to properly sanitize input passed via the imagemagickutils.rb script. This may allow a remote attacker to execute arbitrary commands.

This gem has been renamed. Please use “dragonfly” from now on.
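
One way to check a project against this advisory, as an added example that is not part of the original advisory or of the gem's own code: it reads a Gemfile.lock and reports any locked fog-dragonfly version outside the patched range. The helper names and the sample lockfile are constructed for illustration.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement

# Values taken from the advisory above.
ADVISORY_GEM = "fog-dragonfly"
PATCHED = Gem::Requirement.new(">= 0.8.4")

# Constructed sample Gemfile.lock (not from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      fog-dragonfly (0.8.2)
        rack
      rack (1.5.2)

  DEPENDENCIES
    fog-dragonfly
LOCK

# Hypothetical helper: [name, version] for each resolved gem under "specs:".
def locked_specs(lock_text)
  in_specs = false
  lock_text.each_line.filter_map do |line|
    in_specs = false if line =~ /\A\S/ # a new top-level section starts
    if line =~ /\A  specs:\s*\z/
      in_specs = true
      next
    end
    next unless in_specs
    # Resolved gems sit at a 4-space indent; their dependencies at 6.
    m = line.match(/\A {4}(\S+) \(([^)\s]+)\)\s*\z/)
    [m[1], m[2]] if m
  end
end

# Hypothetical helper: locked advisory-gem versions that are not patched.
def unpatched_versions(lock_text)
  locked_specs(lock_text)
    .select { |name, ver| name == ADVISORY_GEM && Gem::Version.correct?(ver) }
    .map { |_, ver| Gem::Version.new(ver) }
    .reject { |ver| PATCHED.satisfied_by?(ver) }
    .map(&:to_s)
end

if __FILE__ == $PROGRAM_NAME
  bad = unpatched_versions(ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK)
  puts bad.empty? ? "#{ADVISORY_GEM}: no unpatched version locked" : "#{ADVISORY_GEM} #{bad.join(', ')} does not satisfy >= 0.8.4"
end
```

Run it with the path to a Gemfile.lock as the first argument; with no argument it checks the constructed sample.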