2 matches found
CVE-2021-33564
Summary: CVE-2021-33564 affects the Dragonfly Ruby Gem prior to 1.4.0. An argument injection flaw allows remote attackers to read and write arbitrary files via a crafted URL when the verify_url option is disabled, potentially enabling arbitrary code execution. The root cause is described as misha...
CVE-2021-33473
CVE-2021-33473 concerns the Dragonfly Ruby Gem (v1.3.0) where an argument injection flaw lets an attacker read and write arbitrary files when the verify_url option is disabled. The vulnerability is triggered by a crafted URL, enabling unauthorized file access or modification on affected deploymen...