21 matches found
EUVD-2017-0322
Malware in sbrugna...
EUVD-2019-0603
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2019-13574
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly...
Ruby on Rails: Argument/Code Injection via ActiveStorage's image transformation functionality
An argument/code injection vulnerability was discovered in ActiveStorage's image transformation functionality. This vulnerability allowed an attacker to inject arbitrary arguments into the image transformation command, potentially leading to remote code execution. The vulnerability was found in t...
OS Command Injection in MiniMagick
In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a | character followed by a command...
GHSA-R7J3-VVH2-XRPJ OS Command Injection in MiniMagick
In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a | character followed by a command...
CVE-2019-13574
In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command...
CVE-2019-13574
In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command...
CVE-2019-13574
In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command...
Input validation
In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command...
UBUNTU-CVE-2019-13574
In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command...
CVE-2019-13574
In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command...
CVE-2019-13574
In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command...
CVE-2019-13574
The CVE concerns MiniMagick before 4.9.4: in lib/mini_magick/image.rb, a fetched remote image filename could be passed directly to Kernel.open, with the leading ‘|’ indicating a shell command, enabling remote command execution. Connected advisories confirm the issue is a remote command execution ...
Remote command execution via filename
A remote shell execution vulnerability when using MiniMagick::Image.open with URL coming from unsanitized user input. e.g. MiniMagick::Image.open"| touch.txt"...
MiniMagick Gem for Ruby URI Handling Arbitrary Command Injection
lib/mini_magick.rb in the MiniMagick Gem 1.3.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL...
GHSA-W754-GQ8R-PF5F MiniMagick Gem for Ruby URI Handling Arbitrary Command Injection
lib/mini_magick.rb in the MiniMagick Gem 1.3.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL...
Code injection
lib/mini_magick.rb in the MiniMagick Gem 1.3.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL...
CVE-2013-2616
lib/mini_magick.rb in the MiniMagick Gem 1.3.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL...
CVE-2013-2616
The CVE-2013-2616 entry affects the MiniMagick Ruby gem, specifically lib/mini_magick.rb in version 1.3.1. The vulnerability arises when handling a URL containing shell metacharacters, enabling a context-dependent attacker to execute arbitrary commands, i.e., an arbitrary command injection via cr...