Lookup for vulnerable packages by Package URL.

Purl pkg:gem/dragonfly@0.4.2
Type gem
Namespace
Name dragonfly
Version 0.4.2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.0.7
Latest_non_vulnerable_version 1.4.0
Affected_by_vulnerabilities
0
url VCID-hrz6-hcw2-8qg9
vulnerability_id VCID-hrz6-hcw2-8qg9
summary
Command Injection
lib/dragonfly/imagemagickutils.rb in the fog-dragonfly gem for Ruby allows remote attackers to execute arbitrary commands via unspecified vectors.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-5671
reference_id
reference_type
scores
0
value 0.02165
scoring_system epss
scoring_elements 0.84585
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-5671
1
reference_url http://seclists.org/fulldisclosure/2013/Sep/18
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2013/Sep/18
2
reference_url http://seclists.org/oss-sec/2013/q3/526
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/oss-sec/2013/q3/526
3
reference_url http://seclists.org/oss-sec/2013/q3/528
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/oss-sec/2013/q3/528
4
reference_url https://github.com/github/advisory-database/pull/486
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-database/pull/486
5
reference_url https://github.com/markevans/dragonfly
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/markevans/dragonfly
6
reference_url https://github.com/markevans/dragonfly/commit/47f95bd6b8af11fb0a44d6ab1c6f7d00d880cb68
reference_id
reference_type
scores
url https://github.com/markevans/dragonfly/commit/47f95bd6b8af11fb0a44d6ab1c6f7d00d880cb68
7
reference_url https://github.com/markevans/dragonfly/commit/ff141bb1d921fff506084b62a562f7a83d5e01fe#lib/dragonfly/image_magick/utils.rb
reference_id
reference_type
scores
url https://github.com/markevans/dragonfly/commit/ff141bb1d921fff506084b62a562f7a83d5e01fe#lib/dragonfly/image_magick/utils.rb
8
reference_url https://github.com/markevans/dragonfly/issues/520
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/markevans/dragonfly/issues/520
9
reference_url https://web.archive.org/web/20201208033320/http://www.vapid.dhs.org/advisories/fog-dragonfly-0.8.2-cmd-inj.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201208033320/http://www.vapid.dhs.org/advisories/fog-dragonfly-0.8.2-cmd-inj.html
10
reference_url http://www.osvdb.org/96798
reference_id
reference_type
scores
url http://www.osvdb.org/96798
11
reference_url http://www.vapid.dhs.org/advisories/fog-dragonfly-0.8.2-cmd-inj.html
reference_id
reference_type
scores
url http://www.vapid.dhs.org/advisories/fog-dragonfly-0.8.2-cmd-inj.html
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-5671
reference_id CVE-2013-5671
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-5671
13
reference_url https://github.com/advisories/GHSA-qrgf-jqqm-x7xv
reference_id GHSA-qrgf-jqqm-x7xv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qrgf-jqqm-x7xv
fixed_packages
0
url pkg:gem/dragonfly@0.8.4
purl pkg:gem/dragonfly@0.8.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nvn8-w7vx-ufef
1
vulnerability VCID-uw4s-17xg-r7fu
2
vulnerability VCID-uytz-vvf7-6qdu
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/dragonfly@0.8.4
1
url pkg:gem/dragonfly@1.0.0
purl pkg:gem/dragonfly@1.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/dragonfly@1.0.0
aliases CVE-2013-5671, GHSA-qrgf-jqqm-x7xv, OSV-96798
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hrz6-hcw2-8qg9
1
url VCID-nvn8-w7vx-ufef
vulnerability_id VCID-nvn8-w7vx-ufef
summary
Remote Code Execution
The gem contains a flaw in Uploading & Processing that is due to the gem failing to restrict arbitrary commands to ImageMagick's convert. This may allow a remote attacker to gain read/write access to the filesystem and execute arbitrary commands.
references
0
reference_url http://osvdb.org/show/osvdb/110439
reference_id
reference_type
scores
url http://osvdb.org/show/osvdb/110439
fixed_packages
0
url pkg:gem/dragonfly@1.0.7
purl pkg:gem/dragonfly@1.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/dragonfly@1.0.7
aliases OSVDB-110439
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nvn8-w7vx-ufef
2
url VCID-uw4s-17xg-r7fu
vulnerability_id VCID-uw4s-17xg-r7fu
summary
Windows Shell Escaping Weakness
The gem contains a flaw that is due to the program failing to properly escape a shell that contains injected characters. This may allow a context-dependent attacker to potentially execute arbitrary commands.
references
0
reference_url http://osvdb.org/show/osvdb/97854
reference_id
reference_type
scores
url http://osvdb.org/show/osvdb/97854
fixed_packages
0
url pkg:gem/dragonfly@0.9.6
purl pkg:gem/dragonfly@0.9.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/dragonfly@0.9.6
aliases OSVDB-97854
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uw4s-17xg-r7fu
3
url VCID-uytz-vvf7-6qdu
vulnerability_id VCID-uytz-vvf7-6qdu
summary
Improper Control of Generation of Code ('Code Injection')
The Dragonfly gem for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-1756
reference_id
reference_type
scores
0
value 0.01982
scoring_system epss
scoring_elements 0.83874
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-1756
1
reference_url http://secunia.com/advisories/52380
reference_id
reference_type
scores
url http://secunia.com/advisories/52380
2
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/82476
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/82476
3
reference_url https://github.com/markevans/dragonfly
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/markevans/dragonfly
4
reference_url https://github.com/markevans/dragonfly/commit/a8775aacf9e5c81cf11bec34b7afa7f27ddfe277
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/markevans/dragonfly/commit/a8775aacf9e5c81cf11bec34b7afa7f27ddfe277
5
reference_url https://groups.google.com/forum/?fromgroups=#!topic/dragonfly-users/3c3WIU3VQTo
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/?fromgroups=#!topic/dragonfly-users/3c3WIU3VQTo
6
reference_url https://web.archive.org/web/20200229103538/http://www.securityfocus.com/bid/58225
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200229103538/http://www.securityfocus.com/bid/58225
7
reference_url http://www.securityfocus.com/bid/58225
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/58225
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-1756
reference_id CVE-2013-1756
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-1756
9
reference_url https://github.com/advisories/GHSA-p463-639r-q9g9
reference_id GHSA-p463-639r-q9g9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p463-639r-q9g9
fixed_packages
0
url pkg:gem/dragonfly@0.8.6
purl pkg:gem/dragonfly@0.8.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nvn8-w7vx-ufef
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/dragonfly@0.8.6
1
url pkg:gem/dragonfly@0.9.13
purl pkg:gem/dragonfly@0.9.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nvn8-w7vx-ufef
1
vulnerability VCID-uytz-vvf7-6qdu
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/dragonfly@0.9.13
aliases CVE-2013-1756, GHSA-p463-639r-q9g9, OSV-90647
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uytz-vvf7-6qdu
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/dragonfly@0.4.2