Argument Injection

2022-06-0313:43:30

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

dragonfly

vulnerability

argument injection

crafted url

arbitrary files

EPSS

0.001

Percentile

45.6%

JSON

dragonfly is vulnerable to argument injection. An attacker can exploit the vulnerability by ejecting crafted url and gaining access to arbitrary files via the disabled verify_url option.

References

github.com/advisories/GHSA-fj34-jhjx-xmvv

github.com/markevans/dragonfly/commit/25399297bb457f7fcf8e3f91e85945b255b111b5

github.com/markevans/dragonfly/issues/513

security.netapp.com/advisory/ntap-20220715-0004/

EPSS

0.001

Percentile

45.6%

JSON

Related for VERACODE:35864