CVE-2013-5671

lib/dragonfly/imagemagickutils.rb in the fog-dragonfly gem 0.8.2 for Ruby allows remote attackers to execute arbitrary commands via unspecified vectors.

Published: May 12, 2014
Updated: May 9, 2024
CVE: CVE-2013-5671
GHSA: GHSA-qrgf-jqqm-x7xv
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mark_evans / fog-dragonfly	0.8.2	0.8.2.x
dragonfly	-	1.0.0
fog-dragonfly	-	0.9.15.x

http://seclists.org/fulldisclosure/2013/Sep/18
http://seclists.org/oss-sec/2013/q3/526
http://seclists.org/oss-sec/2013/q3/528
http://www.osvdb.org/96798
http://www.vapid.dhs.org/advisories/fog-dragonfly-0.8.2-cmd-inj.html
https://github.com/markevans/dragonfly/issues/520

Vulnerability Database

289,599

CVE-2013-5671