markevans/dragonfly

markevans/dragonfly

markevans.github.io

Releases87

Frequency2 months 3 days

Last Release over 1 year ago

Stars2.11K

A Ruby gem for on-the-fly processing - suitable for image uploading in Rails, Sinatra and much more!

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2021-33473 ↗	Jun 2, 2022Thursday, 2 June 2022, 20:15	9.1 CRITICAL	4.9 MEDIUM
An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafted URL.
CVE-2021-33564 ↗	May 29, 2021Saturday, 29 May 2021, 14:15	9.8 CRITICAL	6.8 MEDIUM
An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishandle use of the ImageMagick convert utility.
CVE-2013-1756 ↗	Jun 9, 2014Monday, 9 June 2014, 19:55	—	7.5 HIGH
The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request.