Vulnerabilities > Minimagick Project

DATE CVE VULNERABILITY TITLE RISK
2019-07-12 CVE-2019-13574 OS Command Injection vulnerability in multiple products
In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command.
local
low complexity
minimagick-project debian CWE-78
7.8