Dragonfly Ruby Gem < 1.4.0 Argument Injection Vulnerability

critical Web App Scanning Plugin ID 112974

Synopsis

Dragonfly Ruby Gem < 1.4.0 Argument Injection Vulnerability

Description

Dragonfly is a popular Ruby library used for handling images on websites: generating image thumbnails and text images, or managing attachments. When the `verify_urls` option is disabled, an attacker can leverage the vulnerability to inject malicious arguments into shell commands and achieve file read and write, or remote code execution, on the target application.

Solution

As an immediate workaround, ensure that the `verify_urls` option is enabled. Because exploitation remains possible if the attacker obtains the application secret, it is recommended to update the Dragonfly Ruby gem to version 1.4.0 or above to mitigate this issue.
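Both conditions named in the solution can be checked from a project's source tree. The following is an added example, not part of the plugin or of Dragonfly itself: it reads the locked gem version from `Gemfile.lock` text and looks for an explicit `verify_urls false` in a Dragonfly initializer. The helper names and the sample inputs are constructed for illustration, and the check only catches the option being disabled as a literal `false`.

```ruby
require "rubygems" # Gem::Version for correct version ordering

FIXED = Gem::Version.new("1.4.0") # first fixed release per this advisory

# Locked dragonfly version from Gemfile.lock text, or nil if not present.
# Resolved specs sit at exactly four spaces; dependency lines are deeper.
def locked_dragonfly_version(lockfile_text)
  m = lockfile_text.match(/^ {4}dragonfly \(([^)]+)\)$/)
  m && Gem::Version.new(m[1])
end

# True when a non-comment line sets verify_urls to a literal false.
def verify_urls_disabled?(initializer_text)
  initializer_text.each_line.any? do |line|
    code = line.sub(/#.*/, "") # naive comment strip, enough for config files
    code.match?(/\bverify_urls\s*\(?\s*false\b/)
  end
end

# Returns a list of findings (empty when neither condition is met).
def audit(lockfile_text, initializer_text)
  findings = []
  version = locked_dragonfly_version(lockfile_text)
  findings << :vulnerable_version if version && version < FIXED
  findings << :verify_urls_disabled if verify_urls_disabled?(initializer_text)
  findings
end

# Constructed sample inputs (not taken from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      dragonfly (1.3.0)
        rack (>= 1.3)
LOCK

SAMPLE_INIT = <<~CONFIG
  Dragonfly.app.configure do
    verify_urls false
    secret ENV.fetch("DRAGONFLY_SECRET")
  end
CONFIG

puts audit(SAMPLE_LOCK, SAMPLE_INIT).inspect if __FILE__ == $PROGRAM_NAME
```

A clean result on the `verify_urls` check alone is not sufficient, since the solution above still calls for upgrading to 1.4.0 or later.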

See Also

https://github.com/markevans/dragonfly

https://zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly/

Plugin Details

Severity: Critical

ID: 112974

Type: remote

Published: 9/14/2021

Updated: 9/14/2021

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-33564

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS Score Source: CVE-2021-33564

Vulnerability Information

CPE: cpe:2.3:a:dragonfly_project:dragonfly:*:*:*:*:*:ruby:*:*

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2021-33564