mirror of
https://github.com/0xMarcio/cve.git
synced 2025-12-30 04:49:42 +00:00
1.5 KiB
1.5 KiB
CVE-2021-33564
Description
An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishandle use of the ImageMagick convert utility.
POC
Reference
- https://github.com/mlr0p/CVE-2021-33564
- https://zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly/
Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/BLACKHAT-SSG/MindMaps2
- https://github.com/Lazykakarot1/Learn-365
- https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/PwnAwan/MindMaps2
- https://github.com/SYRTI/POC_to_review
- https://github.com/WhooAmii/POC_to_review
- https://github.com/dorkerdevil/CVE-2021-33564
- https://github.com/harsh-bothra/learn365
- https://github.com/markevans/dragonfly
- https://github.com/mlr0p/CVE-2021-33564
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/soosmile/POC
- https://github.com/trhacknon/Pocingit
- https://github.com/zecool/cve