FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-24 03:12:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
c9e2a1a7-caa1-11eb-904f-14dae9d5a9d2	dragonfly -- argument injection NVD reports: An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishandle use of the ImageMagick convert utility. Discovery 2021-05-24 Entry 2021-06-11 rubygem-dragonfly < 2.4.0 CVE-2021-33564 https://nvd.nist.gov/vuln/detail/CVE-2021-33564 https://github.com/mlr0p/CVE-2021-33564 https://zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33564

VuXML ID

Description

c9e2a1a7-caa1-11eb-904f-14dae9d5a9d2

dragonfly -- argument injection

NVD reports:

An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishandle use of the ImageMagick convert utility.

Discovery 2021-05-24
Entry 2021-06-11
rubygem-dragonfly

< 2.4.0

CVE-2021-33564
https://nvd.nist.gov/vuln/detail/CVE-2021-33564
https://github.com/mlr0p/CVE-2021-33564
https://zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33564