ADVISORIES

• CVE-2013-2616 (NVD)
• GHSA-w754-gq8r-pf5f
• OSVDB-91231

GEM

mini_magick

SEVERITY

CVSS v2.0: 9.3 (High)

PATCHED VERSIONS

• >= 3.6.0

DESCRIPTION

MiniMagick Gem for Ruby contains a flaw that is triggered during the handling of specially crafted input from an untrusted source passed via a URL that contains a ‘;’ character. This may allow a context-dependent attacker to potentially execute arbitrary commands.