Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-5671

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2013-5671
Last Modified 13 May 2014 08:38:05
Published 12 May 2014 10:55:05
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2013-5671

Summary

lib/dragonfly/imagemagickutils.rb in the fog-dragonfly gem 0.8.2 for Ruby allows remote attackers to execute arbitrary commands via unspecified vectors.

Vulnerable Systems

Application

  • Mark Evans Fog-dragonfly 0.8.2


References

MISC - http://www.vapid.dhs.org/advisories/fog-dragonfly-0.8.2-cmd-inj.html

OSVDB - 96798

MLIST - [oss-security] 20130901 Re: Remote Command Injection in fog-dragonfly-0.8.2 Ruby Gem

MLIST - [oss-security] 20130901 Remote Command Injection in fog-dragonfly-0.8.2 Ruby Gem

FULLDISC - 20130903 Remote Command Injection in fog-dragonfly-0.8.2 Ruby Gem


Last Updated: 27 May 2016 11:05:13