An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishandle use of the ImageMagick convert utility.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-05-29T13:19:16

Updated: 2024-08-03T23:50:43.164Z

Reserved: 2021-05-24T00:00:00

Link: CVE-2021-33564

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-05-29T14:15:08.510

Modified: 2024-11-21T06:09:06.470

Link: CVE-2021-33564

cve-icon Redhat

No data.