Name | CVE-2019-13574 |
Description | In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DLA-1948-1, DSA-4481-1 |
Debian Bugs | 931932 |
The table below lists information on source packages.
The information below is based on the following data on fixed versions.