CVE-2021-33473 - CERT CVE
ID CVE-2021-33473
Sažetak An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafted URL.
Reference
CVSS
Base: 4.9
Impact: 4.9
Exploitability:6.8
Pristup
VektorSloženostAutentikacija
NETWORK MEDIUM SINGLE
Impact
PovjerljivostCjelovitostDostupnost
PARTIAL PARTIAL NONE
CVSS vektor AV:N/AC:M/Au:S/C:P/I:P/A:N
Zadnje važnije ažuriranje 27-10-2022 - 16:14
Objavljeno 02-06-2022 - 20:15