Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
An argument injection vulnerability in Dragonfly Ruby Gem through v1.3.0 allows attackers to read and write arbitrary files when the "verify_url" option is disabled. This vulnerability is exploited via a crafted URL.
CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
The software constructs a string for a command to executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.