---
gem: mini_magick
cve: 2013-2616
osvdb: 91231
url: http://osvdb.org/show/osvdb/91231
title: MiniMagick Gem for Ruby URI Handling Arbitrary Command Injection
date: 2013-03-12

description: MiniMagick Gem for Ruby contains a flaw that is triggered during the handling of specially crafted input from an untrusted source passed via a URL that contains a ';' character. This may allow a context-dependent attacker to potentially execute arbitrary commands.

cvss_v2: 9.3

patched_versions:
  - ">= 3.6.0"