1. CVE-Search
  2. CVE-2013-5671
ID CVE-2013-5671
Summary lib/dragonfly/imagemagickutils.rb in the fog-dragonfly gem 0.8.2 for Ruby allows remote attackers to execute arbitrary commands via unspecified vectors. Per: http://cwe.mitre.org/data/definitions/77.html "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"
References
Vulnerable Configurations
  • cpe:2.3:a:mark_evans:fog-dragonfly:0.8.2:*:*:*:*:ruby:*:*
    cpe:2.3:a:mark_evans:fog-dragonfly:0.8.2:*:*:*:*:ruby:*:*
CVSS
Base: 7.5 (as of 13-05-2014 - 12:38)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
fulldisc 20130903 Remote Command Injection in fog-dragonfly-0.8.2 Ruby Gem
misc http://www.vapid.dhs.org/advisories/fog-dragonfly-0.8.2-cmd-inj.html
mlist
  • [oss-security] 20130901 Re: Remote Command Injection in fog-dragonfly-0.8.2 Ruby Gem
  • [oss-security] 20130901 Remote Command Injection in fog-dragonfly-0.8.2 Ruby Gem
osvdb 96798
Last major update 13-05-2014 - 12:38
Published 12-05-2014 - 14:55
Last modified 13-05-2014 - 12:38
Back to Top