An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishandle use of the ImageMagick convert utility.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-05-29T13:19:16
Updated: 2024-08-03T23:50:43.164Z
Reserved: 2021-05-24T00:00:00
Link: CVE-2021-33564
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-05-29T14:15:08.510
Modified: 2024-11-21T06:09:06.470
Link: CVE-2021-33564
Redhat
No data.