CVE-2013-1756
The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request.
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.0198 (2.0%)
Percentil: 83.7%
EPSS: 2026-05-06
Afecta
mark_evans:dragonfly_gemruby_on_rails:ruby_on_railsDescripción técnica
The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request.
Publicada: 9/6/2014, 19:55:06
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://secunia.com/advisories/52380
- http://www.securityfocus.com/bid/58225
- https://exchange.xforce.ibmcloud.com/vulnerabilities/82476
- https://github.com/markevans/dragonfly/commit/a8775aacf9e5c81cf11bec34b7afa7f27ddfe277
- https://groups.google.com/forum/?fromgroups=#%21topic/dragonfly-users/3c3WIU3VQTo
- http://secunia.com/advisories/52380
- http://www.securityfocus.com/bid/58225
- https://exchange.xforce.ibmcloud.com/vulnerabilities/82476