Lucene search

K
osvGoogleOSV:GHSA-P463-639R-Q9G9
HistoryOct 24, 2017 - 6:33 p.m.

Dragonfly Code Injection vulnerability

2017-10-2418:33:37
Google
osv.dev
5

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.328 Low

EPSS

Percentile

97.1%

The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request.

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.328 Low

EPSS

Percentile

97.1%

Related for OSV:GHSA-P463-639R-Q9G9