CVE-2013-1756: Improper Control of Generation of Code ('Code Injection')

June 9, 2014 (updated August 13, 2018)

The Dragonfly gem for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request.

References

secunia.com/advisories/52380
www.securityfocus.com/bid/58225
exchange.xforce.ibmcloud.com/vulnerabilities/82476
github.com/markevans/dragonfly/commit/a8775aacf9e5c81cf11bec34b7afa7f27ddfe277
groups.google.com/forum/?fromgroups=
nvd.nist.gov/vuln/detail/CVE-2013-1756

Detect and mitigate CVE-2013-1756 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →