10 matches found
SUSE CVE-2025-24293
Active Storage allowed transformation methods potentially unsafe Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allow for the circumvention of the safe defaults which enables...
CVE-2025-24293
Active Storage allowed transformation methods potentially unsafe Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allow for the circumvention of the safe defaults which enables...
CVE-2025-24293
Active Storage allowed transformation methods potentially unsafe Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allow for the circumvention of the safe defaults which enables...
CVE-2025-24293
Active Storage allowed transformation methods potentially unsafe Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allow for the circumvention of the safe defaults which enables...
CVE-2025-24293
Active Storage allowed transformation methods potentially unsafe Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allow for the circumvention of the safe defaults which enables...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection due to untrusted user input being accepted as transformation methods or parameters. An attacker can execute arbitrary commands on the server by supplying crafted input that circumvents safe defaults. Note: Th...
Active Storage allowed transformation methods that were potentially unsafe
Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allowing for the circumvention of the safe defaults which enables potential command injection vulnerabilities in cases where...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection where the transformation method or its arguments are untrusted arbitrary input. Note: This vulnerability impacts applications that use Active Storage with the imageprocessing processing in addition to the...
OESA-2021-1150 rubygem-mini_magick security update
A ruby wrapper for ImageMagick command line. Using MiniMagick the ruby processes memory remains small it spawns ImageMagick's command line program mogrify which takes up some memory as well, but is much smaller compared to RMagick. Security Fixes: In lib/minimagick/image.rb in MiniMagick before...
DEBIAN-CVE-2019-13574
In lib/minimagick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernelopen, which accepts a '|' character followed by a command...