RSS   Podatności dla 'Minimagick'   RSS

2019-07-11
 
CVE-2019-13574

CWE-20
 

 
In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command.

 


Copyright 2024, cxsecurity.com

 

Back to Top