MidnightBSD

Advisories for mark_evans

CVE-2013-1756 HIGH

The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
mark_evans dragonfly_gem 0.7.1
mark_evans dragonfly_gem 0.7.4
mark_evans dragonfly_gem 0.9.4
mark_evans dragonfly_gem 0.7.7
mark_evans dragonfly_gem 0.9.3
mark_evans dragonfly_gem 0.9.6
mark_evans dragonfly_gem 0.7.6
mark_evans dragonfly_gem 0.8.5
mark_evans dragonfly_gem 0.9.2
mark_evans dragonfly_gem 0.9.0
mark_evans dragonfly_gem 0.7.2
mark_evans dragonfly_gem 0.9.12
mark_evans dragonfly_gem 0.7.3
mark_evans dragonfly_gem 0.8.4
mark_evans dragonfly_gem 0.9.7
mark_evans dragonfly_gem 0.9.11
mark_evans dragonfly_gem 0.7.0
mark_evans dragonfly_gem 0.7.5
mark_evans dragonfly_gem 0.9.1
mark_evans dragonfly_gem 0.8.2
mark_evans dragonfly_gem 0.9.10
mark_evans dragonfly_gem 0.9.5
mark_evans dragonfly_gem 0.9.8
mark_evans dragonfly_gem 0.8.1
mark_evans dragonfly_gem 0.9.9
mark_evans dragonfly_gem 0.8.0
CVE-2013-5671 HIGH

lib/dragonfly/imagemagickutils.rb in the fog-dragonfly gem 0.8.2 for Ruby allows remote attackers to execute arbitrary commands via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mark_evans fog-dragonfly 0.8.2