FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
c9e2a1a7-caa1-11eb-904f-14dae9d5a9d2dragonfly -- argument injection

NVD reports:

An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishandle use of the ImageMagick convert utility.


Discovery 2021-05-24
Entry 2021-06-11
rubygem-dragonfly
lt 2.4.0

CVE-2021-33564
https://nvd.nist.gov/vuln/detail/CVE-2021-33564
https://github.com/mlr0p/CVE-2021-33564
https://zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33564