CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Minimagick Project: Security Vulnerabilities

CVE-2019-13574

In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command.

CVSS Score

7.8

EPSS Score

0.295

Published

2019-07-12

Page 1

Vulnerabilities

Vulnerable Software

Minimagick Project: Security Vulnerabilities

Products

Pricing

Contact Us