Skip to content

MiniMagick Gem for Ruby URI Handling Arbitrary Command Injection

High severity GitHub Reviewed Published Oct 24, 2017 to the GitHub Advisory Database • Updated Aug 29, 2023

Package

bundler mini_magick (RubyGems)

Affected versions

< 3.6.0

Patched versions

3.6.0
Published to the GitHub Advisory Database Oct 24, 2017
Reviewed Jun 16, 2020
Last updated Aug 29, 2023

Severity

High

EPSS score

0.802%
(82nd percentile)

Weaknesses

CVE ID

CVE-2013-2616

GHSA ID

GHSA-w754-gq8r-pf5f

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.