Package details: pkg:gem/dragonfly@0.9.3
purl pkg:gem/dragonfly@0.9.3
Next non-vulnerable version 1.4.0
Latest non-vulnerable version 1.4.0
Risk 10.0
Vulnerabilities affecting this package (4)
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-ck55-4m36-7kgs (Aliases: OSVDB-110439) | Remote Code Execution: The gem contains a flaw in Uploading & Processing that is due to the gem failing to restrict arbitrary commands to ImageMagick's convert. This may allow a remote attacker to gain read/write access to the filesystem and execute arbitrary commands. | 1.0.7 (Affected by 1 other vulnerability.) |
| VCID-fb5s-rqyn-tbgh (Aliases: CVE-2013-1756, GHSA-p463-639r-q9g9, OSV-90647) | Dragonfly Code Injection vulnerability | 0.9.13 (Affected by 3 other vulnerabilities.) |
| VCID-rnet-xc7w-e3fb (Aliases: OSVDB-97854) | Windows Shell Escaping Weakness: The gem contains a flaw that is due to the program failing to properly escape a shell that contains injected characters. This may allow a context-dependent attacker to potentially execute arbitrary commands. | 0.9.6 (Affected by 0 other vulnerabilities.) |
| VCID-szyc-jant-d7d9 (Aliases: CVE-2021-33564, GHSA-j858-xp5v-f8xx) | | 1.4.0 (Affected by 0 other vulnerabilities.) |
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-13T09:17:25.571477+00:00 | Ruby Importer | Affected by | VCID-fb5s-rqyn-tbgh | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/dragonfly/CVE-2013-1756.yml | 38.6.0 |
| 2026-06-13T08:30:28.163683+00:00 | GHSA Importer | Affected by | VCID-szyc-jant-d7d9 | https://github.com/advisories/GHSA-j858-xp5v-f8xx | 38.6.0 |
| 2026-06-12T17:42:00.867487+00:00 | GitLab Importer | Affected by | VCID-szyc-jant-d7d9 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/dragonfly/CVE-2021-33564.yml | 38.6.0 |
| 2026-06-12T16:55:37.096566+00:00 | GitLab Importer | Affected by | VCID-fb5s-rqyn-tbgh | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/dragonfly/CVE-2013-1756.yml | 38.6.0 |
| 2026-06-12T16:47:45.621660+00:00 | GitLab Importer | Affected by | VCID-ck55-4m36-7kgs | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/dragonfly/OSVDB-110439.yml | 38.6.0 |
| 2026-06-12T16:45:52.349943+00:00 | GitLab Importer | Affected by | VCID-rnet-xc7w-e3fb | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/dragonfly/OSVDB-97854.yml | 38.6.0 |