RubyGems package
mini_magick
pkg:gem/mini_magick
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-13574 | — | | | < 4.9.4 | 4.9.4 | Jul 12, 2019 | In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command. |
| CVE-2013-2616 | — | | | < 3.6.0 | 3.6.0 | Mar 20, 2013 | lib/mini_magick.rb in the MiniMagick Gem 1.3.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. |