Lookup for vulnerable packages by Package URL.

Purl pkg:gem/dragonfly@0.9.3
Type gem
Namespace
Name dragonfly
Version 0.9.3
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.4.0
Latest_non_vulnerable_version 1.4.0
Affected_by_vulnerabilities
0
url VCID-ck55-4m36-7kgs
vulnerability_id VCID-ck55-4m36-7kgs
summary
Remote Code Execution
The gem contains a flaw in Uploading & Processing that is due to the gem failing to restrict arbitrary commands to ImageMagick's convert. This may allow a remote attacker to gain read/write access to the filesystem and execute arbitrary commands.
references
0
reference_url http://osvdb.org/show/osvdb/110439
reference_id
reference_type
scores
url http://osvdb.org/show/osvdb/110439
fixed_packages
0
url pkg:gem/dragonfly@1.0.7
purl pkg:gem/dragonfly@1.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-szyc-jant-d7d9
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/dragonfly@1.0.7
aliases OSVDB-110439
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ck55-4m36-7kgs
1
url VCID-fb5s-rqyn-tbgh
vulnerability_id VCID-fb5s-rqyn-tbgh
summary Dragonfly Code Injection vulnerability
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-1756
reference_id
reference_type
scores
0
value 0.01982
scoring_system epss
scoring_elements 0.84012
published_at 2026-06-12T12:55:00Z
1
value 0.01982
scoring_system epss
scoring_elements 0.83955
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-1756
1
reference_url http://secunia.com/advisories/52380
reference_id
reference_type
scores
url http://secunia.com/advisories/52380
2
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/82476
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/82476
3
reference_url https://github.com/markevans/dragonfly
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/markevans/dragonfly
4
reference_url https://github.com/markevans/dragonfly/commit/a8775aacf9e5c81cf11bec34b7afa7f27ddfe277
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/markevans/dragonfly/commit/a8775aacf9e5c81cf11bec34b7afa7f27ddfe277
5
reference_url https://groups.google.com/forum/?fromgroups=#!topic/dragonfly-users/3c3WIU3VQTo
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/?fromgroups=#!topic/dragonfly-users/3c3WIU3VQTo
6
reference_url https://web.archive.org/web/20200229103538/http://www.securityfocus.com/bid/58225
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200229103538/http://www.securityfocus.com/bid/58225
7
reference_url http://www.securityfocus.com/bid/58225
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/58225
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-1756
reference_id CVE-2013-1756
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-1756
9
reference_url https://github.com/advisories/GHSA-p463-639r-q9g9
reference_id GHSA-p463-639r-q9g9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p463-639r-q9g9
fixed_packages
0
url pkg:gem/dragonfly@0.9.13
purl pkg:gem/dragonfly@0.9.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ck55-4m36-7kgs
1
vulnerability VCID-fb5s-rqyn-tbgh
2
vulnerability VCID-szyc-jant-d7d9
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/dragonfly@0.9.13
aliases CVE-2013-1756, GHSA-p463-639r-q9g9, OSV-90647
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fb5s-rqyn-tbgh
2
url VCID-rnet-xc7w-e3fb
vulnerability_id VCID-rnet-xc7w-e3fb
summary
Windows Shell Escaping Weakness
The gem contains a flaw that is due to the program failing to properly escape a shell that contains injected characters. This may allow a context-dependent attacker to potentially execute arbitrary commands.
references
0
reference_url http://osvdb.org/show/osvdb/97854
reference_id
reference_type
scores
url http://osvdb.org/show/osvdb/97854
fixed_packages
0
url pkg:gem/dragonfly@0.9.6
purl pkg:gem/dragonfly@0.9.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/dragonfly@0.9.6
aliases OSVDB-97854
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rnet-xc7w-e3fb
3
url VCID-szyc-jant-d7d9
vulnerability_id VCID-szyc-jant-d7d9
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33564
reference_id
reference_type
scores
0
value 0.93359
scoring_system epss
scoring_elements 0.99823
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33564
1
reference_url https://github.com/advisories/GHSA-j858-xp5v-f8xx
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-j858-xp5v-f8xx
2
reference_url https://github.com/markevans/dragonfly/commit/25399297bb457f7fcf8e3f91e85945b255b111b5
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/markevans/dragonfly/commit/25399297bb457f7fcf8e3f91e85945b255b111b5
3
reference_url https://github.com/markevans/dragonfly/compare/v1.3.0...v1.4.0
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/markevans/dragonfly/compare/v1.3.0...v1.4.0
4
reference_url https://github.com/markevans/dragonfly/issues/513
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/markevans/dragonfly/issues/513
5
reference_url https://github.com/mlr0p/CVE-2021-33564
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mlr0p/CVE-2021-33564
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/dragonfly/CVE-2021-33564.yml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/dragonfly/CVE-2021-33564.yml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33564
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33564
8
reference_url https://raw.githubusercontent.com/projectdiscovery/nuclei-templates/master/cves/2021/CVE-2021-33564.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://raw.githubusercontent.com/projectdiscovery/nuclei-templates/master/cves/2021/CVE-2021-33564.yaml
9
reference_url https://zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly
10
reference_url https://zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly/
reference_id
reference_type
scores
url https://zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly/
fixed_packages
0
url pkg:gem/dragonfly@1.4.0
purl pkg:gem/dragonfly@1.4.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/dragonfly@1.4.0
aliases CVE-2021-33564, GHSA-j858-xp5v-f8xx
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-szyc-jant-d7d9
Fixing_vulnerabilities
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/dragonfly@0.9.3