What is CVE-2021-33564?

CVE-2021-33564 is a vulnerability in N/a. Published 2021-05-29.

Is CVE-2021-33564 known to be exploited?

21 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2021-33564

An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The prob…

EPSS: 0.934 (99.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

github.com/markevans/dragonfly/issues/513 (x_refsource_MISC)
github.com/markevans/dragonfly/commit/25399297bb457f7fcf8e3f91e85945b255b111b5 (x_refsource_MISC)
github.com/markevans/dragonfly/compare/v1.3.0...v1.4.0 (x_refsource_MISC)
raw.githubusercontent.com/projectdiscovery/nuclei-templates/master/cves/2021/CV… (x_refsource_MISC)
github.com/mlr0p/CVE-2021-33564 (x_refsource_MISC)
zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly/ (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-33564?: CVE-2021-33564 is a vulnerability in N/a. Published 2021-05-29.
Is CVE-2021-33564 known to be exploited?: 21 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.