RubyGems package
dragonfly
pkg:gem/dragonfly
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-33473 | — | | | < 1.4.0 | 1.4.0 | Jun 2, 2022 | An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafted URL. |
| CVE-2021-33564 | — | | | < 1.4.0 | 1.4.0 | May 29, 2021 | An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs because the generate and proce |
| CVE-2013-1756 | — | | | >= 0.7, < 0.8.6 | 0.8.6 | Jun 9, 2014 | The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request. |
| CVE-2013-5671 | — | | | < 1.0.0 | 1.0.0 | May 12, 2014 | lib/dragonfly/imagemagickutils.rb in the fog-dragonfly gem 0.8.2 for Ruby allows remote attackers to execute arbitrary commands via unspecified vectors. |