Remote Code Execution Vulnerability in Dragonfly


m...@state.io

Feb 27, 2013, 9:52:16 AM
to rubysec-...@googlegroups.com
Hello,

"Unfortunately there is a security vulnerability in Dragonfly when used with Rails which would potentially allow an attacker to run arbitrary code on a host machine using carefully crafted requests.
The vulnerability has been assigned the CVE identifier CVE-2013-1756.

Dragonfly version 0.9.14 has been released, which fixes the vulnerability.
It is recommended that you upgrade immediately."


Max