---
gem: mini_magick
cve: 2013-2616
osvdb: 91231
url: https://nvd.nist.gov/vuln/detail/CVE-2013-2616
title: MiniMagick Gem for Ruby URI Handling Arbitrary Command Injection
date: 2013-03-12
description: |
  MiniMagick Gem for Ruby contains a flaw that is triggered during the handling
  of specially crafted input from an untrusted source passed via a URL that
  contains a ';' character. This may allow a context-dependent attacker to
  potentially execute arbitrary commands.
cvss_v2: 9.3
patched_versions:
  - ">= 3.6.0"