Mark Evans

3 exploits Active since Jun 2014
CVE-2021-33564 WRITEUP CRITICAL WRITEUP
Dragonfly <1.4.0 - Command Injection
An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishandle use of the ImageMagick convert utility.
CVSS 9.8
CVE-2013-1756 WRITEUP WRITEUP
Dragonfly gem 0.7-0.8.5 and 0.9.x < 0.9.13 - Remote Code Execution
The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request.
CVE-2021-33473 WRITEUP CRITICAL WRITEUP
Dragonfly Ruby Gem <1.3.0 - Command Injection
An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafted URL.
CVSS 9.1