PT-2022-10265 · Unknown · Dragonfly Ruby Gem
Mlr0Po · Published 2022-06-02 · Updated 2022-10-27
CVE-2021-33473
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Dragonfly Ruby Gem version 1.3.0
Description
An argument injection issue allows attackers to read and write arbitrary files when the verify url option is disabled. This issue is exploited via a crafted URL.
Recommendations
For Dragonfly Ruby Gem version 1.3.0, consider enabling the verify url option to mitigate the risk of exploitation. As a temporary workaround, restrict access to sensitive files and directories until a patch is available.
Exploit
Fix
Argument Injection
Weakness Enumeration
Related Identifiers
Affected Products
Dragonfly Ruby Gem