Lucene search

K
githubGitHub Advisory DatabaseGHSA-P463-639R-Q9G9
HistoryOct 24, 2017 - 6:33 p.m.

Dragonfly Code Injection vulnerability

2017-10-2418:33:37
CWE-94
GitHub Advisory Database
github.com
14

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.328 Low

EPSS

Percentile

97.1%

The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request.

Affected configurations

Vulners
Node
github_advisory_databasedragonflyRange<0.9.13
OR
github_advisory_databasedragonflyRange<0.8.6
CPENameOperatorVersion
dragonflylt0.9.13
dragonflylt0.8.6

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.328 Low

EPSS

Percentile

97.1%

Related for GHSA-P463-639R-Q9G9