mini_magick
RubyGems
2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting mini_magick
- CVE-2013-2616 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 3.6.0 | 2013-03-20
vulnerable: 1.0.1 ... 3.5.0 (23 versions)
lib/mini_magick.rb in the MiniMagick Gem 1.3.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
- CVE-2019-13574 | HIGH | CVSS 7.8 | EG 7.8 | ✓ Fixed in 4.9.4 | 2019-07-12
vulnerable: 1.0.1 ... 4.9.3 (62 versions)
In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command.