Back to CVE Browser

CVE-2021-33473

CRITICAL

9.1

CVSS Severity Score

EPSS Score0.1840%

EPSS Percentile27.39th

PublishedJun 2, 2022

Last ModifiedNov 21, 2024

Vulnerability Description

An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafted URL.

Affected Platforms (CPE)

📦

Dragonfly Project

Dragonfly

= 1.3.0

References & Advisories

🔗 https://github.com/markevans/dragonfly/commit/25399297bb457f7fcf8e3f91e85945b255b111b5

🔗 https://github.com/markevans/dragonfly/issues/513

🔗 https://security.netapp.com/advisory/ntap-20220715-0004/

🔗 https://github.com/markevans/dragonfly/commit/25399297bb457f7fcf8e3f91e85945b255b111b5

🔗 https://github.com/markevans/dragonfly/issues/513

🔗 https://security.netapp.com/advisory/ntap-20220715-0004/

Related Vulnerabilities

CVE-2021-335649.8

An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitr...

CVE-2006-06447.5

Multiple directory traversal vulnerabilities in install.php in CPG-Nuke Dragonfly CMS (aka CPG Dragonfly CMS) 9.0.6.1 allow remote...

CVE-2005-22217.5

Multiple SQL injection vulnerabilities in Dragonfly Commerce allows remote attackers to modify SQL statements and possibly execute...

CVE-2006-07277.5

SQL injection vulnerability in mstrack.php in MusOX DF MSAnalysis (DFMSA), as used in some environments that use CPG-Nuke Dragonfl...