CVE-2021-33564

CRITICAL EXPLOITED IN THE WILD NUCLEI

Dragonfly <1.4.0 - Command Injection

Title source: llm

Exploitation Summary

CVE-2021-33564 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 2 public exploits from researchers including mlr0p, dorkerdevil. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a functional exploit PoC for CVE-2021-33564, an argument injection vulnerability in the Dragonfly Ruby Gem. The exploit allows arbitrary file read and write operations via crafted ImageMagick commands.

Description

An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishandle use of the ImageMagick convert utility.

Exploits (2)

nomisec WORKING POC 16 stars

by mlr0p · remote

https://github.com/mlr0p/CVE-2021-33564

View Code ZIP pw:eip

This repository contains a functional exploit PoC for CVE-2021-33564, an argument injection vulnerability in the Dragonfly Ruby Gem. The exploit allows arbitrary file read and write operations via crafted ImageMagick commands.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Dragonfly Ruby Gem (versions affected by CVE-2021-33564)

No auth needed

Prerequisites: Target application using vulnerable Dragonfly Ruby Gem · Network access to the target application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC

by dorkerdevil · remote

https://github.com/dorkerdevil/CVE-2021-33564