FreeBSD : rubygem-dragonfly -- arbitrary code execution (aa7764af-0b5e-4ddc-bc65-38ad697a484f)
High Nessus Plugin ID 64922
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionMark Evans reports :
Unfortnately there is a security vulnerability in Dragonfly when used with Rails which would potentially allow an attacker to run arbitrary code on a host machine using carefully crafted requests.
SolutionUpdate the affected packages.