CVE-2013-5671: Command Injection

May 12, 2014 (updated May 13, 2014)

lib/dragonfly/imagemagickutils.rb in the fog-dragonfly gem for Ruby allows remote attackers to execute arbitrary commands via unspecified vectors.

References

seclists.org/fulldisclosure/2013/Sep/18
seclists.org/oss-sec/2013/q3/526
seclists.org/oss-sec/2013/q3/528
www.osvdb.org/96798
www.vapid.dhs.org/advisories/fog-dragonfly-0.8.2-cmd-inj.html
nvd.nist.gov/vuln/detail/CVE-2013-5671

Detect and mitigate CVE-2013-5671 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →