High severityNVD Advisory· Published Mar 20, 2013· Updated Apr 29, 2026
CVE-2013-2616
CVE-2013-2616
Description
lib/mini_magick.rb in the MiniMagick Gem 1.3.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mini_magickRubyGems | < 3.6.0 | 3.6.0 |
Affected products
1- cpe:2.3:a:rubygems:mini_magick:1.3.1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- github.com/advisories/GHSA-w754-gq8r-pf5fghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2013-2616ghsaADVISORY
- packetstormsecurity.com/files/120777/Ruby-Gem-Minimagic-Command-Execution.htmlnvdWEB
- seclists.org/fulldisclosure/2013/Mar/123nvdWEB
- www.openwall.com/lists/oss-security/2013/03/19/9nvdWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/mini_magick/CVE-2013-2616.ymlghsaWEB
- web.archive.org/web/20130315095512/http://www.securityfocus.com/bid/58448ghsaWEB
- www.osvdb.org/91231nvd
- www.securityfocus.com/bid/58448nvd
News mentions
0No linked articles in our index yet.