← Back

Minimagick

minimagick

Vendor: Minimagick Project • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-13574
2Debian
Minimagick Project
2Debian Linux
Minimagick
Nov 21, 2024
Jul 12, 2019
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character follo...Show more
In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command.Show less