Vulnerability Details : CVE-2013-1756
The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request.
Vulnerability category: Execute code
Products affected by CVE-2013-1756
- cpe:2.3:a:mark_evans:dragonfly_gem:0.9.8:*:*:*:*:*:*:* (when used together with Ruby On Rails)
- cpe:2.3:a:mark_evans:dragonfly_gem:0.9.7:*:*:*:*:*:*:* (when used together with Ruby On Rails)
- cpe:2.3:a:mark_evans:dragonfly_gem:0.9.0:*:*:*:*:*:*:* (when used together with Ruby On Rails)
- cpe:2.3:a:mark_evans:dragonfly_gem:0.8.5:*:*:*:*:*:*:* (when used together with Ruby On Rails)
- cpe:2.3:a:mark_evans:dragonfly_gem:0.7.5:*:*:*:*:*:*:* (when used together with Ruby On Rails)
- cpe:2.3:a:mark_evans:dragonfly_gem:0.7.4:*:*:*:*:*:*:* (when used together with Ruby On Rails)
- cpe:2.3:a:mark_evans:dragonfly_gem:0.7.3:*:*:*:*:*:*:* (when used together with Ruby On Rails)
- cpe:2.3:a:mark_evans:dragonfly_gem:0.9.6:*:*:*:*:*:*:* (when used together with Ruby On Rails)
- cpe:2.3:a:mark_evans:dragonfly_gem:0.9.5:*:*:*:*:*:*:* (when used together with Ruby On Rails)
- cpe:2.3:a:mark_evans:dragonfly_gem:0.8.4:*:*:*:*:*:*:* (when used together with Ruby On Rails)
- cpe:2.3:a:mark_evans:dragonfly_gem:0.8.2:*:*:*:*:*:*:* (when used together with Ruby On Rails)
- cpe:2.3:a:mark_evans:dragonfly_gem:0.7.2:*:*:*:*:*:*:* (when used together with Ruby On Rails)
- cpe:2.3:a:mark_evans:dragonfly_gem:0.7.1:*:*:*:*:*:*:* (when used together with Ruby On Rails)
- cpe:2.3:a:mark_evans:dragonfly_gem:0.9.10:*:*:*:*:*:*:* (when used together with Ruby On Rails)
- cpe:2.3:a:mark_evans:dragonfly_gem:0.9.9:*:*:*:*:*:*:* (when used together with Ruby On Rails)
- cpe:2.3:a:mark_evans:dragonfly_gem:0.9.2:*:*:*:*:*:*:* (when used together with Ruby On Rails)
- cpe:2.3:a:mark_evans:dragonfly_gem:0.9.1:*:*:*:*:*:*:* (when used together with Ruby On Rails)
- cpe:2.3:a:mark_evans:dragonfly_gem:0.7.7:*:*:*:*:*:*:* (when used together with Ruby On Rails)
- cpe:2.3:a:mark_evans:dragonfly_gem:0.7.6:*:*:*:*:*:*:* (when used together with Ruby On Rails)
- cpe:2.3:a:mark_evans:dragonfly_gem:0.9.12:*:*:*:*:*:*:* (when used together with Ruby On Rails)
- cpe:2.3:a:mark_evans:dragonfly_gem:0.9.11:*:*:*:*:*:*:* (when used together with Ruby On Rails)
- cpe:2.3:a:mark_evans:dragonfly_gem:0.9.4:*:*:*:*:*:*:* (when used together with Ruby On Rails)
- cpe:2.3:a:mark_evans:dragonfly_gem:0.9.3:*:*:*:*:*:*:* (when used together with Ruby On Rails)
- cpe:2.3:a:mark_evans:dragonfly_gem:0.8.1:*:*:*:*:*:*:* (when used together with Ruby On Rails)
- cpe:2.3:a:mark_evans:dragonfly_gem:0.8.0:*:*:*:*:*:*:* (when used together with Ruby On Rails)
- cpe:2.3:a:mark_evans:dragonfly_gem:0.7.0:*:*:*:*:*:*:* (when used together with Ruby On Rails)
Exploit prediction scoring system (EPSS) score for CVE-2013-1756
EPSS score: 1.98% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~80% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2013-1756
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2013-1756
- The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2013-1756
- https://exchange.xforce.ibmcloud.com/vulnerabilities/82476 (dragonfly gem for Ruby code execution CVE-2013-1756 Vulnerability Report)
- https://groups.google.com/forum/?fromgroups=#!topic/dragonfly-users/3c3WIU3VQTo (Important Security Update - Dragonfly 0.9.14 released [CVE-2013-1756] - Google Groups)
- https://github.com/markevans/dragonfly/commit/a8775aacf9e5c81cf11bec34b7afa7f27ddfe277 (security update note · markevans/dragonfly@a8775aa · GitHub; Vendor Advisory)
- http://www.securityfocus.com/bid/58225 (Ruby dragonfly Gem CVE-2013-1756 Remote Arbitrary Code Execution Vulnerability)