Filtered by vendor Dragonfly Project
Subscriptions
Filtered by product Dragonfly
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-33473 | 1 Dragonfly Project | 1 Dragonfly | 2022-10-27 | 9.1 Critical |
| An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafted URL. | ||||
| CVE-2021-33564 | 1 Dragonfly Project | 1 Dragonfly | 2021-06-10 | 9.8 Critical |
| An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishandle use of the ImageMagick convert utility. | ||||
Page 1 of 1.