Package details: pkg:gem/dragonfly@0.8.4
purl pkg:gem/dragonfly@0.8.4
Next non-vulnerable version 1.0.7
Latest non-vulnerable version 1.4.0
Risk 4.0
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-nvn8-w7vx-ufef
Aliases:
OSVDB-110439
Remote Code Execution: The gem contains a flaw in Uploading & Processing that is due to the gem failing to restrict arbitrary commands to ImageMagick's convert. This may allow a remote attacker to gain read/write access to the filesystem and execute arbitrary commands.
1.0.7
Affected by 0 other vulnerabilities.
VCID-uw4s-17xg-r7fu
Aliases:
OSVDB-97854
Windows Shell Escaping Weakness: The gem contains a flaw that is due to the program failing to properly escape a shell that contains injected characters. This may allow a context-dependent attacker to potentially execute arbitrary commands.
0.9.6
Affected by 0 other vulnerabilities.
VCID-uytz-vvf7-6qdu
Aliases:
CVE-2013-1756
GHSA-p463-639r-q9g9
OSV-90647
Improper Control of Generation of Code ('Code Injection'): The Dragonfly gem for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request.
0.8.6
Affected by 1 other vulnerability.
0.9.13
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-hrz6-hcw2-8qg9 Command Injection: lib/dragonfly/imagemagickutils.rb in the fog-dragonfly gem for Ruby allows remote attackers to execute arbitrary commands via unspecified vectors. CVE-2013-5671
GHSA-qrgf-jqqm-x7xv
OSV-96798

Date Actor Action Vulnerability Source VulnerableCode Version
2026-05-31T10:15:27.260118+00:00 Ruby Importer Fixing VCID-hrz6-hcw2-8qg9 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/dragonfly/CVE-2013-5671.yml 38.6.0
2026-05-31T10:15:21.015960+00:00 Ruby Importer Affected by VCID-uytz-vvf7-6qdu https://github.com/rubysec/ruby-advisory-db/blob/master/gems/dragonfly/CVE-2013-1756.yml 38.6.0
2026-05-31T09:41:25.434119+00:00 GitLab Importer Affected by VCID-uytz-vvf7-6qdu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/dragonfly/CVE-2013-1756.yml 38.6.0
2026-05-31T09:33:17.972216+00:00 GitLab Importer Affected by VCID-nvn8-w7vx-ufef https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/dragonfly/OSVDB-110439.yml 38.6.0
2026-05-31T09:31:05.621249+00:00 GitLab Importer Affected by VCID-uw4s-17xg-r7fu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/dragonfly/OSVDB-97854.yml 38.6.0
2026-05-30T20:52:06.832785+00:00 GitLab Importer Fixing VCID-hrz6-hcw2-8qg9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/dragonfly/CVE-2013-5671.yml 38.6.0