Improper Control of Generation of Code ('Code Injection')
The Dragonfly gem for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request.
Unescaped user-supplied input is passed to the command line for shell execution in lib/dragonfly/imagemagickutils.rb.
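The class of bug described above, shown beside its usual mitigations, as an added example that is not Dragonfly's code or its actual fix. The `printf` stand-in for the image tool, the function names, the sample value and the geometry allow-list are all assumptions made for illustration.

```ruby
require "open3"
require "shellwords"

# Stand-in for the image tool (assumption): printf prints each argument it
# receives in brackets, which shows how the command line was split.
TOOL = "printf"
FORMAT = '[%s]\n'

# Constructed sample value; the marker after ';' is harmless.
SAMPLE = "10x10; echo INJECTED"

# Vulnerable pattern: the value is interpolated into a string parsed by /bin/sh.
def run_interpolated(geometry)
  out, = Open3.capture2("#{TOOL} '#{FORMAT}' -resize #{geometry}")
  out.lines.map(&:chomp)
end

# Hardened: argv form, no shell is involved, the value stays one argument.
def run_argv(geometry)
  out, = Open3.capture2(TOOL, FORMAT, "-resize", geometry)
  out.lines.map(&:chomp)
end

# Fallback when a shell string cannot be avoided: escape every dynamic part.
def run_escaped(geometry)
  out, = Open3.capture2("#{TOOL} '#{FORMAT}' -resize #{Shellwords.escape(geometry)}")
  out.lines.map(&:chomp)
end

# Defence in depth: hypothetical narrow allow-list for WIDTHxHEIGHT values.
GEOMETRY = /\A\d{1,5}x\d{1,5}[!<>^]?\z/
def valid_geometry?(value)
  GEOMETRY.match?(value)
end

if __FILE__ == $PROGRAM_NAME
  p run_interpolated(SAMPLE) # the shell splits the value at ';'
  p run_argv(SAMPLE)         # the value arrives as one argument
  p run_escaped(SAMPLE)      # same result through an escaped shell string
  p valid_geometry?(SAMPLE)  # rejected before any process is started
end
```

The argv form is the preferred fix because nothing is ever parsed by a shell; escaping and allow-listing are secondary layers.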