---
gem: dragonfly
osvdb: 97854
url: http://osvdb.org/show/osvdb/97854
title: Dragonfly Gem for Ruby on Windows Shell Escaping Weakness
date: 2011-09-01
description: |
  Dragonfly Gem for Ruby contains a flaw that is due to the program failing to
  properly escape a shell that contains injected characters. This may allow a
  context-dependent attacker to potentially execute arbitrary commands.
patched_versions:
  - ">= 0.9.6"