Lucene search

11 matches found

SUSE CVE
added 2026/02/04 12:41 a.m., 2 views

SUSE CVE-2025-24293

Active Storage allowed transformation methods potentially unsafe. Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods that allow for the circumvention of the safe defaults, which enables...

CVSS 9.2, AI score 5.9, EPSS 0.00178
Exploits: 0, References: 3

CVE
added 2026/01/30 8:11 p.m., 34 views

CVE-2025-24293

CVE-2025-24293 affects Rails with Active Storage using image_processing/mini_magick; unsafe allowed transformation methods enable potential command injection when untrusted input reaches blob.variant, per multiple sources. Impact reported as high/critical (CVSS 4.0 base 9.2). Remediation in vario...

CVSS 9.2, AI score 6.2, EPSS 0.00178
Exploits: 0, References: 1

Veracode
added 2025/09/03 9:26 a.m., 2 views

Command Injection

activestorage is vulnerable to command injection. The vulnerability is due to unsafe defaults in the allowed list of image transformation methods, which allows an attacker to supply arbitrary input and execute malicious commands...

CVSS 9.2, AI score 7.6, EPSS 0.00178
Exploits: 0, References: 7, Affected Software: 1

OSV
added 2025/08/14 6:52 p.m., 1 views

MAL-2025-23063 Malicious code in image_transformations (npm)

The package image_transformations was found to contain malicious code...

AI score 7.2
Exploits: 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 4 views

Malicious code in image_transformations (npm)

The package image_transformations was found to contain malicious code...

AI score 7
Exploits: 0

OSV
added 2025/08/14 12:6 a.m., 3 views

GHSA-R4MG-4433-C7G3 Active Storage allowed transformation methods that were potentially unsafe

Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allowing for the circumvention of the safe defaults which enables potential command injection vulnerabilities in cases where...

CVSS 9.2, AI score 7.4, EPSS 0.00178
Exploits: 0, References: 8

Positive Technologies
added 2025/01/01 12:0 a.m., 3 views

PT-2025-33109

Name of the Vulnerable Software and Affected Versions: Active Storage versions 5.2.0 through 8.0.2.1. Description: Active Storage allows the use of potentially unsafe image transformation methods and parameters by default. This can lead to command injection vulnerabilities when arbitrary...

CVSS 9.2, AI score 9.5, EPSS 0.00346
Exploits: 0, References: 23

OpenVAS
added 2024/08/28 12:0 a.m., 19 views

openSUSE Security Advisory (SUSE-SU-2024:2786-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.4, AI score 6.9, EPSS 0.00977
Exploits: 0, References: 9

Fedora
added 2021/04/19 5:46 p.m., 44 views

[SECURITY] Fedora 33 Update: leptonica-1.80.0-3.fc33

The library supports many operations that are useful on document images and natural images. Fundamental image processing and image analysis operations: Rasterop (aka bitblt); Affine transforms (scaling, translation, rotation, shear) on images of arbitrary pixel depth; Projective and bi-linear transforms; Bina...

CVSS 7.5, AI score 1.4, EPSS 0.04251
Exploits: 5

Fedora
added 2018/05/16 1:7 p.m., 17 views

[SECURITY] Fedora 28 Update: leptonica-1.76.0-1.fc28

The library supports many operations that are useful on document images and natural images. Fundamental image processing and image analysis operations: Rasterop (aka bitblt); Affine transforms (scaling, translation, rotation, shear) on images of arbitrary pixel depth; Projective and bi-linear transforms; Bina...

CVSS 9.8, AI score 1.4, EPSS 0.01791
Exploits: 1

Fedora
added 2018/03/13 5:20 p.m., 18 views

[SECURITY] Fedora 26 Update: leptonica-1.74.4-5.fc26

The library supports many operations that are useful on document images and natural images. Fundamental image processing and image analysis operations: Rasterop (aka bitblt); Affine transforms (scaling, translation, rotation, shear) on images of arbitrary pixel depth; Projective and bi-linear transforms; Bina...

CVSS 9.8, AI score 1.4, EPSS 0.03118
Exploits: 1