Related vulnerabilities
GSD-2013-1756
Vulnerability from gsd - Updated: 2013-02-19 00:00
Details
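Dragonfly Gem for Ruby contains a flaw that is triggered during the parsing
of a specially crafted request. This may allow a remote attacker to execute
arbitrary code. According to the CVE description in the record below, the
affected releases are 0.7 before 0.8.6 and 0.9.x before 0.9.13, and only when
the gem is used with Ruby on Rails. The record also carries entries for the
renamed gem fog-dragonfly, whose fix status differs between sources (one lists
patched versions ">= 0.9.14", another lists no fix), so check the installed gem
name and version against each entry.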
Aliases
{
"GSD": {
"alias": "CVE-2013-1756",
"description": "The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request.",
"id": "GSD-2013-1756"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "dragonfly",
"purl": "pkg:gem/dragonfly"
}
}
],
"aliases": [
"CVE-2013-1756",
"OSVDB-90647"
],
"details": "Dragonfly Gem for Ruby contains a flaw that is triggered during the parsing\nof a specially crafted request. This may allow a remote attacker to execute\narbitrary code.\n",
"id": "GSD-2013-1756",
"modified": "2013-02-19T00:00:00.000Z",
"published": "2013-02-19T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1756"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": 7.5,
"type": "CVSS_V2"
}
],
"summary": "Dragonfly Gem for Ruby Crafted Request Parsing Remote Code Execution"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "dragonfly-ruby-code-exec(82476)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82476"
},
{
"name": "58225",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58225"
},
{
"name": "https://github.com/markevans/dragonfly/commit/a8775aacf9e5c81cf11bec34b7afa7f27ddfe277",
"refsource": "CONFIRM",
"url": "https://github.com/markevans/dragonfly/commit/a8775aacf9e5c81cf11bec34b7afa7f27ddfe277"
},
{
"name": "https://groups.google.com/forum/?fromgroups=#!topic/dragonfly-users/3c3WIU3VQTo",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/?fromgroups=#!topic/dragonfly-users/3c3WIU3VQTo"
},
{
"name": "52380",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52380"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2013-1756",
"cvss_v2": 7.5,
"date": "2013-02-19",
"description": "Dragonfly Gem for Ruby contains a flaw that is triggered during the parsing\nof a specially crafted request. This may allow a remote attacker to execute\narbitrary code.\n\nThis gem has been renamed. Please use \"dragonfly\" from now on.\n",
"gem": "fog-dragonfly",
"osvdb": 90647,
"patched_versions": [
"\u003e= 0.9.14"
],
"title": "Dragonfly Gem for Ruby Crafted Request Parsing Remote Code Execution",
"unaffected_versions": [
"\u003c 0.7.0"
],
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1756"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e=0.7.0 \u003c0.9.13",
"affected_versions": "All versions starting from 0.7.0 before 0.9.13",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cwe_ids": [
"CWE-1035",
"CWE-937",
"CWE-94"
],
"date": "2018-08-13",
"description": "Unfortunately there is a security vulnerability in Dragonfly when used with Rails which would potentially allow an attacker to run arbitrary code on a host machine using carefully crafted requests.",
"fixed_versions": [
"0.9.13"
],
"identifier": "CVE-2013-1756",
"identifiers": [
"CVE-2013-1756"
],
"not_impacted": "Non rails apps.",
"package_slug": "gem/dragonfly",
"pubdate": "2014-06-09",
"solution": "Upgrade",
"title": "Remote code execution vulnerability",
"urls": [
"https://groups.google.com/forum/?fromgroups=#!topic/dragonfly-users/3c3WIU3VQTo"
],
"uuid": "7fb8a87d-cafe-44f7-b4cd-94c2ccfd7682"
},
{
"affected_range": "\u003e=0.7.0",
"affected_versions": "All versions starting from 0.7.0",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cwe_ids": [
"CWE-1035",
"CWE-937",
"CWE-94"
],
"date": "2018-08-13",
"description": "The Dragonfly gem for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request.",
"fixed_versions": [],
"identifier": "CVE-2013-1756",
"identifiers": [
"CVE-2013-1756"
],
"not_impacted": "All versions before 0.7.0",
"package_slug": "gem/fog-dragonfly",
"pubdate": "2014-06-09",
"solution": "Unfortunately, there is no solution available at the moment",
"title": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2013-1756",
"http://www.securityfocus.com/bid/58225",
"http://secunia.com/advisories/52380",
"https://github.com/markevans/dragonfly/commit/a8775aacf9e5c81cf11bec34b7afa7f27ddfe277",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/82476",
"https://groups.google.com/forum/?fromgroups=#!topic/dragonfly-users/3c3WIU3VQTo"
],
"uuid": "e8f49da7-18f5-4ccc-bce9-febccd9e371c"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mark_evans:dragonfly_gem:0.9.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mark_evans:dragonfly_gem:0.9.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mark_evans:dragonfly_gem:0.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mark_evans:dragonfly_gem:0.8.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mark_evans:dragonfly_gem:0.7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mark_evans:dragonfly_gem:0.7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mark_evans:dragonfly_gem:0.7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mark_evans:dragonfly_gem:0.9.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mark_evans:dragonfly_gem:0.9.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mark_evans:dragonfly_gem:0.8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mark_evans:dragonfly_gem:0.8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mark_evans:dragonfly_gem:0.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mark_evans:dragonfly_gem:0.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mark_evans:dragonfly_gem:0.9.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mark_evans:dragonfly_gem:0.9.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mark_evans:dragonfly_gem:0.9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mark_evans:dragonfly_gem:0.9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mark_evans:dragonfly_gem:0.7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mark_evans:dragonfly_gem:0.7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mark_evans:dragonfly_gem:0.9.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mark_evans:dragonfly_gem:0.9.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mark_evans:dragonfly_gem:0.9.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mark_evans:dragonfly_gem:0.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mark_evans:dragonfly_gem:0.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mark_evans:dragonfly_gem:0.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mark_evans:dragonfly_gem:0.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ruby_on_rails:ruby_on_rails:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1756"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "58225",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/58225"
},
{
"name": "52380",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/52380"
},
{
"name": "https://github.com/markevans/dragonfly/commit/a8775aacf9e5c81cf11bec34b7afa7f27ddfe277",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/markevans/dragonfly/commit/a8775aacf9e5c81cf11bec34b7afa7f27ddfe277"
},
{
"name": "dragonfly-ruby-code-exec(82476)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82476"
},
{
"name": "https://groups.google.com/forum/?fromgroups=#!topic/dragonfly-users/3c3WIU3VQTo",
"refsource": "CONFIRM",
"tags": [],
"url": "https://groups.google.com/forum/?fromgroups=#!topic/dragonfly-users/3c3WIU3VQTo"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2018-08-13T21:47Z",
"publishedDate": "2014-06-09T19:55Z"
}
}
}