
CVE-2013-1756:
Dragonfly Code Injection vulnerability

CVSS Score
7.5

Basic Information

EPSS Score
0.82769%
Published
10/24/2017
Updated
11/10/2023
KEV Status
No
Technology
Ruby

Technical Details

CVSS Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
Package Name | Ecosystem | Vulnerable Versions | First Patched Version
dragonfly    | rubygems  | >= 0.7, < 0.8.6     | 0.8.6
dragonfly    | rubygems  | >= 0.9, < 0.9.13    | 0.9.13
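As an added example (not part of the Miggo page or the dragonfly project), the following Ruby script turns the version table above into a lockfile check: it reads the `GEM specs:` section of a Gemfile.lock, looks up the pinned dragonfly version, and reports whether it falls inside either vulnerable range and which release first fixes it. The Gemfile.lock fragment is constructed for the example; the range strings are the ones listed in the table.

```ruby
# Added example (not part of the Miggo page or the dragonfly project):
# check a Gemfile.lock against the vulnerable version ranges listed above.
require "rubygems"

# Vulnerable ranges and first patched versions, taken from the advisory table.
DRAGONFLY_ADVISORY = [
  { range: [">= 0.7", "< 0.8.6"],  patched: "0.8.6"  },
  { range: [">= 0.9", "< 0.9.13"], patched: "0.9.13" },
].freeze

# Extract "name (version)" entries from the GEM specs section of a Gemfile.lock.
# Only directly listed gems (indented four spaces) are collected; their
# transitive dependencies are indented further and carry no version.
def locked_versions(lockfile_text)
  versions = {}
  in_specs = false
  lockfile_text.each_line do |line|
    if line.strip == "specs:"
      in_specs = true
      next
    end
    in_specs = false if in_specs && line =~ /\A\S/ # a new top-level section starts
    next unless in_specs
    if (m = line.match(/\A {4}(\S+) \(([^)]+)\)/))
      versions[m[1]] = m[2]
    end
  end
  versions
end

# Return the advisory entry whose range contains the version, or nil if unaffected.
def dragonfly_advisory_for(version_string)
  version = Gem::Version.new(version_string)
  DRAGONFLY_ADVISORY.find do |entry|
    Gem::Requirement.new(*entry[:range]).satisfied_by?(version)
  end
end

# Summarise the lockfile: :absent, :ok, or :vulnerable with the fix version.
def check_lockfile(lockfile_text)
  version = locked_versions(lockfile_text)["dragonfly"]
  return { status: :absent } if version.nil?

  hit = dragonfly_advisory_for(version)
  if hit
    { status: :vulnerable, version: version, fix: hit[:patched] }
  else
    { status: :ok, version: version }
  end
end

# Constructed sample Gemfile.lock fragment (not taken from any real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      dragonfly (0.9.12)
        rack
      rack (1.4.5)

  PLATFORMS
    ruby

  DEPENDENCIES
    dragonfly
LOCK

if __FILE__ == $PROGRAM_NAME
  puts check_lockfile(SAMPLE_LOCK).inspect
end
```

`Gem::Requirement` applies the same comparison rules Bundler uses, so pre-release and multi-segment versions compare correctly; a result of `:ok` for a version at or above 0.8.6 (0.8 line) or 0.9.13 (0.9 line) matches the "First Patched Version" column.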

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The provided commit diff (a8775aa) only modifies the README.md file and does not show code changes related to the vulnerability. The actual patched code changes are not included in the provided data, making it impossible to identify specific vulnerable functions with high confidence. Code injection vulnerabilities in Ruby often involve unsafe input handling (e.g., eval, system calls), but without seeing the pre-patch implementation details or security-focused diffs, we cannot definitively pinpoint the affected functions. The advisory descriptions confirm the vulnerability exists in processing crafted requests but lack technical specifics about the flawed code paths.

WAF Protection Rules

WAF Rule

The dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request.
