Lucene search

MitreCVE-2021-33473

HistoryJun 02, 2022 - 8:15 p.m.

CVE-2021-33473

2022-06-0220:15:07

CWE-88

mitre

web.nvd.nist.gov

cve-2021-33473

dragonfly ruby gem

argument injection

file read

file write

security vulnerability

CVSS2

4.9

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

45.6%

JSON

An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafted URL.

Affected configurations

Nvd

Node

dragonfly_projectdragonflyMatch1.3.0ruby

VendorProductVersionCPE
dragonfly_projectdragonfly1.3.0cpe:2.3:a:dragonfly_project:dragonfly:1.3.0:*:*:*:*:ruby:*:*

Vendor	Product	Version	CPE
dragonfly_project	dragonfly	1.3.0	cpe:2.3:a:dragonfly_project:dragonfly:1.3.0:::::ruby::

References

github.com/markevans/dragonfly/commit/25399297bb457f7fcf8e3f91e85945b255b111b5

github.com/markevans/dragonfly/issues/513

security.netapp.com/advisory/ntap-20220715-0004/

Social References

CVSS2

4.9

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

45.6%

JSON

Related for CVE-2021-33473