In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command.
Published : 2019-07-12 03:15 Updated : 2019-07-12 12:59
There is no CVSS for this CVE.
There is no CPE for this CVE.
There is no CWE for this CVE.
History of changes