FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

rubygem-dragonfly -- arbitrary code execution

Affected packages
rubygem18-dragonfly < 0.9.14
rubygem19-dragonfly < 0.9.14
rubygem20-dragonfly < 0.9.14

Details

VuXML ID aa7764af-0b5e-4ddc-bc65-38ad697a484f
Discovery 2013-02-19
Entry 2013-02-28

Mark Evans reports:

Unfortunately there is a security vulnerability in Dragonfly when used with Rails which would potentially allow an attacker to run arbitrary code on a host machine using carefully crafted requests.

References

CVE Name CVE-2013-1756