Lucene search
GoogleOSV:GHSA-FJ34-JHJX-XMVVHistoryJun 03, 2022 - 12:00 a.m.
Arbitrary file write in dragonfly
2022-06-0300:00:33
Google
osv.dev
7
0.001 Low
EPSS
Percentile
45.6%
An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafted URL.
References
github.com/markevans/dragonfly
github.com/markevans/dragonfly/commit/25399297bb457f7fcf8e3f91e85945b255b111b5
github.com/markevans/dragonfly/issues/513
github.com/rubysec/ruby-advisory-db/blob/master/gems/dragonfly/CVE-2021-33473.yml
nvd.nist.gov/vuln/detail/CVE-2021-33473
security.netapp.com/advisory/ntap-20220715-0004
Related
cve
cve
CVE-2021-33473
2022-06-02 20:15:07
veracode
veracode
Argument Injection
2022-06-03 13:43:30
osv
osv
CVE-2021-33473
2022-06-02 20:15:07
nvd
nvd
CVE-2021-33473
2022-06-02 20:15:07
prion
prion
Design/Logic Flaw
2022-06-02 20:15:00
github
github
Arbitrary file write in dragonfly
2022-06-03 00:00:33
cvelist
cvelist
CVE-2021-33473
2022-06-02 19:55:57