CVE-2021-33564

Name of the Vulnerable Software and Affected Versions Dragonfly gem versions prior to 1.4.0

Description An argument injection issue allows remote attackers to read and write to arbitrary files via a crafted URL when the verify url option is disabled, potentially leading to code execution. This occurs because the generate and process features mishandle the use of the ImageMagick convert utility.

Recommendations For Dragonfly gem versions prior to 1.4.0, update to version 1.4.0 or later to resolve the issue. As a temporary workaround, consider enabling the verify url option to minimize the risk of exploitation. Restrict access to the generate and process features until the update is applied.