

CVE-2021-33473: Merge branch 'better-security' · markevans/dragonfly@2539929

An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafted URL.
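The following Ruby illustration is added here and is not Dragonfly's own code. It shows the mechanism the advisory describes: when the processor arguments in a job come from the request and only the file path is shell-escaped, a client can append extra options to the command, and why URL verification removes that choice from the client altogether. The `-resize`/`-thumbnail` allowlist, the geometry regex, the HMAC-over-JSON signing format, the function names (`naive_command`, `safe_argv`, `sign_job`, `verify_job`) and the injected `-write` option are constructed for this example; they are not Dragonfly's rules or wire format.

```ruby
# Added illustration, not Dragonfly's own code: why escaping only the file
# path does not prevent argument injection, and two mitigations. The
# option allowlist and the job-signing format are this example's assumptions.
require "shellwords"
require "openssl"
require "json"

# Pattern seen in the patched shell_eval: the block gets an escaped *path*,
# but the processor arguments (here straight from the request) are not
# inspected, so any extra option the client appends reaches the command.
def naive_command(path, args)
  escaped = Shellwords.escape(path)
  "convert #{escaped} #{args} #{escaped}"
end

# Mitigation 1: no shell string at all, and only known option shapes.
GEOMETRY = /\A\d{1,5}x\d{1,5}[!<>^]?\z/
ALLOWED_OPTIONS = { "-resize" => GEOMETRY, "-thumbnail" => GEOMETRY }.freeze

class InjectedArgument < StandardError; end

def safe_argv(path, args)
  tokens = Shellwords.split(args)
  argv = ["convert", path]
  until tokens.empty?
    opt = tokens.shift
    pattern = ALLOWED_OPTIONS[opt]
    raise InjectedArgument, "unexpected option #{opt.inspect}" unless pattern
    value = tokens.shift
    unless value && value.match?(pattern)
      raise InjectedArgument, "bad value for #{opt}: #{value.inspect}"
    end
    argv << opt << value
  end
  argv << path # hand to Process.spawn(*argv) / IO.popen(argv): no shell parsing
end

# Mitigation 2: only run jobs whose URL carries a MAC over the job spec
# (the role URL verification plays in the advisory). A client who cannot
# produce a valid MAC cannot choose processors or arguments at all.
def sign_job(secret, job)
  OpenSSL::HMAC.hexdigest("SHA256", secret, JSON.generate(job))
end

def constant_time_eq(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def verify_job(secret, job, sha)
  constant_time_eq(sign_job(secret, job), sha.to_s)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed request values: a legitimate resize followed by an injected
  # extra option that the naive builder passes to the binary unchanged.
  injected = "-resize 300x300 -write /tmp/out.png"
  puts naive_command("beach.jpg", injected)
  begin
    safe_argv("beach.jpg", injected)
  rescue InjectedArgument => e
    puts "rejected: #{e.message}"
  end
  secret = "server-side-secret"
  job = { "processors" => [["convert", "-resize 300x300"]] }
  puts verify_job(secret, job, sign_job(secret, job))
end
```

The two mitigations are complementary: `safe_argv` limits the damage when a job does reach the processor, while `verify_job` keeps an unauthenticated client from composing a job in the first place, which is what disabling URL verification gives up.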


@@ -1,8 +1,8 @@ require ‘base64’ require ‘forwardable’ require ‘dragonfly/has_filename’ require ‘dragonfly/temp_object’ require ‘dragonfly/utils’ require “base64” require “forwardable” require “dragonfly/has_filename” require “dragonfly/temp_object” require “dragonfly/utils”
module Dragonfly
@@ -16,11 +16,10 @@ module Dragonfly # It is acted upon in generator, processor, analyser and datastore methods and provides a standard interface for updating content, # no matter how that content first got there (whether in the form of a String/Pathname/File/etc.) class Content
include HasFilename extend Forwardable
def initialize(app, obj="", meta=nil) def initialize(app, obj = “", meta = nil) @app = app @meta = {} @previous_temp_objects = [] @@ -79,7 +78,7 @@ def name=(name) # @example “image/jpeg” # @return [String] def mime_type meta[‘mime_type’] || app.mime_type_for(ext) meta[“mime_type”] || app.mime_type_for(ext) end
# Set the content using a pre-registered generator @@ -93,7 +92,7 @@ def generate!(name, *args)
# Update the content using a pre-registered processor # @example # content.process!(:convert, "-resize 300x300”) # content.process!(:thumb, “300x300”) # @return [Content] self def process!(name, *args) app.get_processor(name).call(self, *args) @@ -111,10 +110,10 @@ def analyse(name) # @param obj [String, Pathname, Tempfile, File, Content, TempObject] can be any of these types # @param meta [Hash] - should be json-like, i.e. contain no types other than String, Number, Boolean # @return [Content] self def update(obj, meta=nil) def update(obj, meta = nil) meta ||= {} self.temp_object = TempObject.new(obj, meta[‘name’]) self.meta[‘name’] ||= temp_object.name if temp_object.name self.temp_object = TempObject.new(obj, meta[“name”]) self.meta[“name”] ||= temp_object.name if temp_object.name clear_analyser_cache add_meta(obj.meta) if obj.respond_to?(:meta) add_meta(meta) @@ -135,7 +134,7 @@ def add_meta(meta) # “file --mime-type #{path}” # end # # ===> “beach.jpg: image/jpeg” def shell_eval(opts={}) def shell_eval(opts = {}) should_escape = opts[:escape] != false command = yield(should_escape ? shell.escape(path) : path) run command, :escape => should_escape @@ -148,7 +147,7 @@ def shell_eval(opts={}) # “/usr/local/bin/generate_text gumfry -o #{path}” # end # @return [Content] self def shell_generate(opts={}) def shell_generate(opts = {}) ext = opts[:ext] || self.ext should_escape = opts[:escape] != false tempfile = Utils.new_tempfile(ext) @@ -165,7 +164,7 @@ def shell_generate(opts={}) # “convert -resize 20x10 #{old_path} #{new_path}” # end # @return [Content] self def shell_update(opts={}) def shell_update(opts = {}) ext = opts[:ext] || self.ext should_escape = opts[:escape] != false tempfile = Utils.new_tempfile(ext) @@ -176,7 +175,7 @@ def shell_update(opts={}) update(tempfile) end
def store(opts={}) def store(opts = {}) datastore.write(self, opts) end
@@ -188,7 +187,7 @@ def b64_data end
def close previous_temp_objects.each{|temp_object| temp_object.close } previous_temp_objects.each { |temp_object| temp_object.close } temp_object.close end
@@ -199,6 +198,7 @@ def inspect private
attr_reader :previous_temp_objects
def temp_object=(temp_object) previous_temp_objects.push(@temp_object) if @temp_object @temp_object = temp_object @@ -215,6 +215,5 @@ def clear_analyser_cache def run(command, opts) shell.run(command, opts) end
end end
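Review bot: In the `@@ -1,8 +1,8 @@` hunk, and in every other content.rb hunk rendered here, the change is quote style (`require 'base64'` to `require "base64"`) or spacing (`meta=nil` to `meta = nil`); for a merge titled 'better-security', split this formatting churn into its own commit so the security-relevant change can be reviewed and backported on its own, and name that change in the commit message.

Review bot: In the `@@ -93,7 +92,7 @@` hunk, `process!(name, *args)` still forwards `name` and `*args` unchanged to `app.get_processor(name).call(self, *args)`; when the job is built from a URL these are client-controlled unless URL verification is enforced upstream. State that dependency in the method comment, or reject processor names and arguments that are not on an allowlist here.

Review bot: In the `@@ -135,7 +134,7 @@` hunk, `should_escape = opts[:escape] != false` keeps an opt-out that turns escaping off entirely, and even with it on only `path` is escaped (`command = yield(should_escape ? shell.escape(path) : path)`); anything else the block interpolates into the command string reaches `run` untouched. Document that `:escape => false` must never be combined with request-derived data, and consider letting `run` take an argv array rather than a string.

Review bot: In the `@@ -165,7 +164,7 @@` hunk (and the matching `shell_generate` hunk above it), `ext = opts[:ext] || self.ext` is passed to `Utils.new_tempfile(ext)` and the resulting path is then interpolated into the shell command; confirm that `new_tempfile` restricts `ext` to a plain alphanumeric extension, since `self.ext` is derived from the content's filename.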

Related news

GHSA-fj34-jhjx-xmvv: Arbitrary file write in dragonfly

