MidnightBSD

Advisories for minimagick_project

CVE-2019-13574 MEDIUM

In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
debian debian_linux 9.0
debian debian_linux 10.0
minimagick_project minimagick *