GHSA-26hp-cgjj-m2j3: fuel/core ImageMagick driver does not escape all shell arguments.

May 15, 2024

This vulnerability may cause OS commands to be executed when you pass unvalidated image filenames containing specially crafted strings to the ImageMagick driver.

References

fuelphp.com/security-advisories
github.com/FriendsOfPHP/security-advisories/blob/master/fuel/core/2016-06-29-1.yaml
github.com/advisories/GHSA-26hp-cgjj-m2j3
github.com/fuel/core
github.com/fuel/core/commit/95c134e9e087f3c4523fe6cd86ed4e9e1e7af91c

Detect and mitigate GHSA-26hp-cgjj-m2j3 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →