The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request.
References
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2014-06-09 12:55
Updated : 2018-08-13 14:47
NVD link : CVE-2013-1756
Mitre link : CVE-2013-1756
JSON object : View
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')
Products Affected
mark_evans
- dragonfly_gem
ruby_on_rails
- ruby_on_rails