CVE-2019-13574: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

(updated )

In lib/mini_magick/image.rb in MiniMagick, a fetched remote image filename could cause remote command execution.

References

Detect and mitigate CVE-2019-13574 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →