
21 matches found

SUSE CVE
added 2026/02/04 12:41 a.m., 5 views

SUSE CVE-2025-24293

Active Storage allowed transformation methods potentially unsafe Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allow for the circumvention of the safe defaults which enables...

CVSS 9.2, AI score 5.9, EPSS 0.02388
Exploits: 0, References: 3
NVD
added 2026/01/30 9:15 p.m., 4 views

CVE-2025-24293

Active Storage allowed transformation methods potentially unsafe Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allow for the circumvention of the safe defaults which enables...

CVSS 9.2, EPSS 0.02388
Exploits: 0, References: 4
OSV
added 2026/01/30 9:15 p.m., 2 views

UBUNTU-CVE-2025-24293

Active Storage allowed transformation methods potentially unsafe Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allow for the circumvention of the safe defaults which enables...

CVSS 9.2, AI score 6, EPSS 0.02388
Exploits: 0, References: 9
Vulnrichment
added 2026/01/30 8:11 p.m., 3 views

CVE-2025-24293

Active Storage allowed transformation methods potentially unsafe Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allow for the circumvention of the safe defaults which enables...

CVSS 9.2, AI score 5.7, EPSS 0.02388
Exploits: 0, References: 1
ATTACKERKB
added 2026/01/30 8:11 p.m., 6 views

CVE-2025-24293

Active Storage allowed transformation methods potentially unsafe Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allow for the circumvention of the safe defaults which enables...

CVSS 9.2, AI score 6, EPSS 0.02388
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2026/01/30 8:11 p.m., 30 views

CVE-2025-24293

Active Storage allowed transformation methods potentially unsafe Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allow for the circumvention of the safe defaults which enables...

CVSS 9.2, EPSS 0.02388
Exploits: 0, References: 1
Debian CVE
added 2026/01/30 8:11 p.m., 5 views

CVE-2025-24293

Active Storage allowed transformation methods potentially unsafe Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allow for the circumvention of the safe defaults which enables...

CVSS 9.2, AI score 6, EPSS 0.02388
Exploits: 0
OSV
added 2025/08/14 12:6 a.m., 6 views

GHSA-R4MG-4433-C7G3 Active Storage allowed transformation methods that were potentially unsafe

Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allowing for the circumvention of the safe defaults which enables potential command injection vulnerabilities in cases where...

CVSS 9.2, AI score 7.4, EPSS 0.02388
Exploits: 0, References: 8
Snyk
added 2025/08/14 12:6 a.m., 4 views

Arbitrary Command Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Command Injection due to untrusted user input being accepted as transformation methods or parameters. An attacker can execute arbitrary commands on the server by supplying crafted input that circumvents safe defaults. Note: Th...

CVSS 9.2, AI score 7.7, EPSS 0.02388
Exploits: 0, References: 2
GitLab Advisory Database
added 2025/08/14 12:0 a.m., 13 views

Active Storage allowed transformation methods that were potentially unsafe

Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allowing for the circumvention of the safe defaults which enables potential command injection vulnerabilities in cases where...

AI score 7.4, EPSS 0.02388
Exploits: 0, References: 8, Affected Software: 1
RubySec
added 2025/08/14 12:0 a.m., 9 views

Active Storage allowed transformation methods that were potentially unsafe

Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allowing for the circumvention of the safe defaults which enables potential command injection vulnerabilities in cases where...

CVSS 9.2, AI score 7.6, EPSS 0.02388
Exploits: 0, References: 1, Affected Software: 1
Snyk
added 2022/03/09 9:45 a.m., 2 views

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection where the transformation method or its arguments are untrusted arbitrary input. Note: This vulnerability impacts applications that use Active Storage with the image_processing processing in addition to the...

CVSS 9.8, AI score 7.4, EPSS 0.02742
Exploits: 0, References: 2
OSV
added 2021/05/06 11:2 a.m., 5 views

OESA-2021-1150 rubygem-mini_magick security update

A ruby wrapper for ImageMagick command line. Using MiniMagick the ruby processes memory remains small (it spawns ImageMagick's command line program mogrify which takes up some memory as well, but is much smaller compared to RMagick). Security Fixes: In lib/minimagick/image.rb in MiniMagick before...

CVSS 7.8, AI score 7.1, EPSS 0.07639
Exploits: 1, References: 2
Tenable Nessus
added 2019/10/08 12:0 a.m., 31 views

Debian DLA-1948-1 : ruby-mini-magick security update

In lib/minimagick/image.rb in ruby-mini-magick, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command. For Debian 8 'Jessie', this problem has been fixed in version...

CVSS 7.8, AI score 7.5, EPSS 0.07639
Exploits: 1, References: 3
OpenVAS
added 2019/10/08 12:0 a.m., 80 views

Debian: Security Advisory (DLA-1948-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.8, AI score 7.6, EPSS 0.07639
Exploits: 1, References: 3
Debian
added 2019/10/07 11:14 a.m., 61 views

[SECURITY] [DLA 1948-1] ruby-mini-magick security update

Package : ruby-mini-magick
Version : 3.8.1-1+deb8u1
CVE ID : CVE-2019-13574
Debian Bug : 931932
In lib/minimagick/image.rb in ruby-mini-magick, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a | charact...

CVSS 7.8, AI score 7.6, EPSS 0.07639
Exploits: 1
OSV
added 2019/10/07 12:0 a.m., 15 views

DLA-1948-1 ruby-mini-magick - security update

Bulletin has no description...

CVSS 7.8, AI score 7.4, EPSS 0.07639
Exploits: 1
Tenable Nessus
added 2019/07/15 12:0 a.m., 20 views

Debian DSA-4481-1 : ruby-mini-magick - security update

Harsh Jaiswal discovered a remote shell execution vulnerability in ruby-mini-magick, a Ruby library providing a wrapper around ImageMagick or GraphicsMagick, exploitable when using MiniMagick::Image.open with specially crafted URLs coming from unsanitized user input. (C) Tenable Network Security,...

CVSS 7.8, AI score 7.6, EPSS 0.07639
Exploits: 1, References: 6
OpenVAS
added 2019/07/14 12:0 a.m., 15 views

Debian: Security Advisory (DSA-4481-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.8, AI score 7.6, EPSS 0.07639
Exploits: 1, References: 4
OSV
added 2019/07/13 12:0 a.m., 15 views

DSA-4481-1 ruby-mini-magick - security update

Bulletin has no description...

CVSS 7.8, AI score 7.4, EPSS 0.07639
Exploits: 1