Sha256: fb8e9d9d24b956855de0b6be4b570f0097b62c5db132662d5e829f2317c69c45

Size: 526 Bytes

Versions: 1

Stored size: 526 Bytes

Contents

gem: mini_magick
cve: 2019-13574
url: https://benjamin-bouchet.com/blog/vulnerabilite-dans-la-gem-mini_magick-version-4-9-4/
title: Remote command execution via filename
date: 2019-07-12
description: |
  A remote shell execution vulnerability when using MiniMagick::Image.open with URL coming from unsanitized user input.
  e.g. `MiniMagick::Image.open("| touch.txt")`
cvss_v3: 7.5
patched_versions:
  - ">= 4.9.4"
related:
  url:
    - https://github.com/minimagick/minimagick/commit/4cd5081e58810d3394d27a67219e8e4e0445d851

Version data entries

1 entry across 1 version & 1 rubygem

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/mini_magick/CVE-2019-13574.yml