Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
In lib/mini_magick/image.rb in MiniMagick, a fetched remote image filename could cause remote command execution.
Advisories for Gem/Mini_magick package
2019
2013
Remote code execution
If a URL is from an untrusted source, commands can be injected into it for remote code execution with the ; character.