fog-dragonfly Gem for Ruby imagemagickutils.rb Remote Command Execution
Published: September 03, 2013
SECURITY IDENTIFIERS
- CVE: CVE-2013-5671 (NVD)
- GHSA: GHSA-qrgf-jqqm-x7xv
- OSVDB: OSVDB-96798
GEM
fog-dragonfly
SEVERITY
CVSS v2.0: 7.5 (High)
PATCHED VERSIONS
>= 0.8.4
DESCRIPTION
The fog-dragonfly Gem for Ruby fails to properly sanitize input passed via the imagemagickutils.rb script. This may allow a remote attacker to execute arbitrary commands.
This gem has been renamed. Please use "dragonfly" from now on.
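One way to check a project against this advisory is to audit its Gemfile.lock for the affected gem name and patched version stated above. This is an added example, not code from the advisory or from the gem; the sample lockfile, its versions and the helper names `locked_versions` and `audit` are constructed for illustration.

```ruby
require "rubygems" # provides Gem::Version

# Values taken from the advisory above.
ADVISORY_GEM  = "fog-dragonfly"
FIRST_PATCHED = Gem::Version.new("0.8.4")

# Constructed sample Gemfile.lock (not from any real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      fog-dragonfly (0.8.2)
        rack
      rack (1.5.2)

  PLATFORMS
    ruby

  DEPENDENCIES
    fog-dragonfly
LOCK

# Return {name => Gem::Version} for every resolved gem in a Gemfile.lock.
# Resolved specs are indented exactly four spaces under "specs:"; their
# own dependencies are indented six spaces and are skipped.
def locked_versions(lock_text)
  lock_text.each_line.with_object({}) do |line, specs|
    m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/) or next
    version = m[2].split("-").first # drop a platform suffix such as "-java"
    specs[m[1]] = Gem::Version.new(version) if Gem::Version.correct?(version)
  end
end

# Classify a lockfile against the advisory:
# :vulnerable, :patched_but_renamed or :not_present.
def audit(lock_text)
  version = locked_versions(lock_text)[ADVISORY_GEM]
  return :not_present if version.nil?
  version < FIRST_PATCHED ? :vulnerable : :patched_but_renamed
end

puts "#{ADVISORY_GEM}: #{audit(SAMPLE_LOCK)}" if $PROGRAM_NAME == __FILE__
```

A `:patched_but_renamed` result means the locked version is at or above 0.8.4 but the project still depends on the old gem name.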
