Lucene search

K
freebsdFreeBSDAA7764AF-0B5E-4DDC-BC65-38AD697A484F
HistoryFeb 19, 2013 - 12:00 a.m.

rubygem-dragonfly -- arbitrary code execution

2013-02-1900:00:00
vuxml.freebsd.org
8

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.328 Low

EPSS

Percentile

97.1%

Mark Evans reports:

Unfortnately there is a security vulnerability in Dragonfly when
used with Rails which would potentially allow an attacker to run
arbitrary code on a host machine using carefully crafted
requests.

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.328 Low

EPSS

Percentile

97.1%

Related for AA7764AF-0B5E-4DDC-BC65-38AD697A484F