Vulnerabilities (CVE)

Filtered by vendor Dragonfly Project Subscribe
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-33564 1 Dragonfly Project 1 Dragonfly 2024-11-21 6.8 MEDIUM 9.8 CRITICAL
An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishandle use of the ImageMagick convert utility.
CVE-2021-33473 1 Dragonfly Project 1 Dragonfly 2024-11-21 4.9 MEDIUM 9.1 CRITICAL
An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafted URL.