CVE-2013-1756 – dragonfly
Package
Manager: gem
Name: dragonfly
Vulnerable Version: >=0.7 <0.8.6 || >=0.9 <0.9.13
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:H/RL:U/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.01982 (percentile: 0.82875)
Details
Dragonfly Code Injection vulnerability
The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request.
Metadata
Created: 2017-10-24T18:33:37Z
Modified: 2025-04-14T21:47:15Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-p463-639r-q9g9/GHSA-p463-639r-q9g9.json
CWE IDs: ["CWE-94"]
Alternative ID: GHSA-p463-639r-q9g9
Finding: F422
Auto approve: 1