Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Prior to version 1.12.2, using the #apply method from image_processing to apply a series of operations that are coming from unsanitized user input allows the attacker to execute shell commands.