CVE-2021-33564

Published 22 days ago
Category: Code Injection
Source: GitHub
Severity: Critical

Vulnerability in dragonfly

An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishandle use of the ImageMagick convert utility.

CVSS Metrics
Access Vector Access Complexity Authentication Confidentiality Impact Integrity Impact Availability Impact
n/a n/a n/a n/a n/a n/a
Patched Versions

>= 1.4.0

Unaffected Versions

n/a

References

n/a