MiniMagick Gem for Ruby URI Handling Arbitrary Command Injection
Published: March 12, 2013
SECURITY IDENTIFIERS
- CVE: CVE-2013-2616 (NVD)
- GHSA: GHSA-w754-gq8r-pf5f
- OSVDB: OSVDB-91231
GEM
SEVERITY
CVSS v2.0: 9.3 (High)
PATCHED VERSIONS
>= 3.6.0
DESCRIPTION
MiniMagick Gem for Ruby contains a flaw that is triggered during the handling of specially crafted input from an untrusted source passed via a URL that contains a ';' character. This may allow a context-dependent attacker to potentially execute arbitrary commands.