Security Advisory

CVE-2019-13574

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-07-12 02:31:25

Last updated 2024-08-04 23:57:39

Assigner mitre

State PUBLISHED

Description

In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a | character followed by a command.

← Browse all CVEs View on cve.org ↗