Sha256: d30b90771a7ea0487bea3f4c48e121a400155293451a26cb487d1c9aa6e861bf

Contents?: true

Size: 491 Bytes

Versions: 6

Compression:

Stored size: 491 Bytes

Contents

---
gem: dragonfly
osvdb: 110439
url: http://osvdb.org/show/osvdb/110439
title: Dragonfly Gem for Ruby Image Uploading & Processing Remote Command Execution
date: 2014-08-25
description: |
  Dragonfly Gem for Ruby contains a flaw in Uploading & Processing that is due
  to the gem failing to restrict arbitrary commands to imagemagicks convert.
  This may allow a remote attacker to gain read/write access to the filesystem
  and execute arbitrary commands.
patched_versions:
  - ">= 1.0.7"

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/dragonfly/OSVDB-110439.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/dragonfly/OSVDB-110439.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/dragonfly/OSVDB-110439.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/dragonfly/OSVDB-110439.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/dragonfly/OSVDB-110439.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/dragonfly/OSVDB-110439.yml