CVE-2021-33564

🗓️ 29 May 2021 14:15:08Reported by [email protected]Type

An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishandle use of the ImageMagick convert utility

Reporter	Title	Published	Views	Family All 23
GithubExploit	Exploit for Argument Injection in Dragonfly_Project Dragonfly	25 May 202102:48	–	githubexploit
GithubExploit	Exploit for Argument Injection in Dragonfly_Project Dragonfly	27 May 202115:44	–	githubexploit
FreeBSD	dragonfly -- argument injection	24 May 202100:00	–	freebsd
Circl	CVE-2021-33564	28 May 202111:43	–	circl
CNNVD	Ruby 参数注入漏洞	29 May 202100:00	–	cnnvd
CNVD	Ruby Parameter Injection Vulnerability	2 Jun 202100:00	–	cnvd
CVE	CVE-2021-33564	29 May 202113:19	–	cve
Cvelist	CVE-2021-33564	29 May 202113:19	–	cvelist
Dsquare	Dragonfly Ruby Gem File Disclosure	28 May 202100:00	–	dsquare
Tenable Nessus	FreeBSD : dragonfly -- argument injection (c9e2a1a7-caa1-11eb-904f-14dae9d5a9d2)	25 Jun 202100:00	–	nessus

NVD

Node

dragonfly_project dragonflyRange<1.4.0ruby

Source	Link
github	www.github.com/markevans/dragonfly/compare/v1.3.0...v1.4.0
github	www.github.com/mlr0p/CVE-2021-33564
github	www.github.com/markevans/dragonfly/commit/25399297bb457f7fcf8e3f91e85945b255b111b5
zxsecurity	www.zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly/
raw	www.raw.githubusercontent.com/projectdiscovery/nuclei-templates/master/cves/2021/CVE-2021-33564.yaml
github	www.github.com/markevans/dragonfly/issues/513

17 Jun 2026 03:54Current

CVSS 26.8

CVSS 3.19.8

EPSS0.72249

CWE-88