Skip to content

MiniMagick Gem for Ruby URI Handling Arbitrary Command Injection

High severity GitHub Reviewed Published Oct 24, 2017 to the GitHub Advisory Database • Updated Aug 29, 2023

Package

bundler mini_magick (RubyGems)

Affected versions

< 3.6.0

Patched versions

3.6.0

Description

lib/mini_magick.rb in the MiniMagick Gem 1.3.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.

References

Published to the GitHub Advisory Database Oct 24, 2017
Reviewed Jun 16, 2020
Last updated Aug 29, 2023

Severity

High

EPSS score

0.802%
(82nd percentile)

Weaknesses

CVE ID

CVE-2013-2616

GHSA ID

GHSA-w754-gq8r-pf5f

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.