Skip to main content

Minimagick

1 CVEs product

Monthly

CVE-2019-13574 Ruby HIGH POC PATCH This Week

In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Command Injection Minimagick Debian Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
7.6%
EPSS 8% CVSS 7.8
HIGH POC PATCH This Week

In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Command Injection Minimagick Debian Linux
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy