Sha256: 036c2c54befc002588121f37a419b6a757df1ad584f3e3234ecfbe26cd113940

Contents?: true

Size: 561 Bytes

Versions: 6

Compression:

Stored size: 561 Bytes

Contents

---
gem: fog-dragonfly
osvdb: 110439
url: http://osvdb.org/show/osvdb/110439
title: Dragonfly Gem for Ruby Image Uploading & Processing Remote Command Execution
date: 2014-08-25
description: |
  Dragonfly Gem for Ruby contains a flaw in Uploading & Processing that is due
  to the gem failing to restrict arbitrary commands to ImageMagick's convert.
  This may allow a remote attacker to gain read/write access to the filesystem
  and execute arbitrary commands.

  This gem has been renamed. Please use "dragonfly" from now on.
patched_versions:
  - ">= 0.8.4"

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/fog-dragonfly/OSVDB-110439.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/fog-dragonfly/OSVDB-110439.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/fog-dragonfly/OSVDB-110439.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/fog-dragonfly/OSVDB-110439.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/fog-dragonfly/OSVDB-110439.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/fog-dragonfly/OSVDB-110439.yml