Cross site request forgery (csrf)

2014-06-0919:55:00

PRIOn knowledge base

www.prio-n.com

8.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.328 Low

EPSS

Percentile

97.1%

JSON

The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request.

CPENameOperatorVersion
dragonfly_gemeq0.7.0
dragonfly_gemeq0.7.1
dragonfly_gemeq0.7.2
dragonfly_gemeq0.7.3
dragonfly_gemeq0.7.4
dragonfly_gemeq0.7.5
dragonfly_gemeq0.7.6
dragonfly_gemeq0.7.7
dragonfly_gemeq0.8.0
dragonfly_gemeq0.8.1

Name	Operator	Version
dragonfly_gem	eq	0.7.0
dragonfly_gem	eq	0.7.1
dragonfly_gem	eq	0.7.2
dragonfly_gem	eq	0.7.3
dragonfly_gem	eq	0.7.4
dragonfly_gem	eq	0.7.5
dragonfly_gem	eq	0.7.6
dragonfly_gem	eq	0.7.7
dragonfly_gem	eq	0.8.0
dragonfly_gem	eq	0.8.1