Executive Summary

Information
Name : CVE-2019-13574
First vendor Publication : 2019-07-11
Vendor : Cve
Last vendor Modification : 2019-07-12

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score : Not Defined
Attack Range : Not Defined
Cvss Impact Score : Not Defined
Attack Complexity : Not Defined
Cvss Exploit Score : Not Defined
Authentication : Not Defined

Detail

In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13574

Sources (Detail)

Source Url
BUGTRAQ https://seclists.org/bugtraq/2019/Jul/20
DEBIAN https://www.debian.org/security/2019/dsa-4481
MISC https://benjamin-bouchet.com/blog/vulnerabilite-dans-la-gem-mini_magick-versi...
https://github.com/minimagick/minimagick/commit/4cd5081e58810d3394d27a67219e8...
https://github.com/minimagick/minimagick/compare/d484786...293f9bb
https://github.com/minimagick/minimagick/releases/tag/v4.9.4

Alert History

Date Information
2019-07-15 17:19:29
  • Multiple Updates
2019-07-14 05:19:16
  • Multiple Updates
2019-07-12 21:19:26
  • Multiple Updates
2019-07-12 17:18:48
  • Multiple Updates
2019-07-12 09:18:23
  • First insertion