RubyGems MiniMagic 'mini_magick.rb' Remote Command Execution Vulnerability

Bugtraq ID:	58448
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 12 2013 12:00AM
Updated:	Mar 12 2013 12:00AM
Credit:	Larry W. Cashdollar
Vulnerable:
Not Vulnerable:

RubyGems MiniMagic 'mini_magick.rb' Remote Command Execution Vulnerability

mini_magick is prone to a remote command-execution vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary commands in the context of the affected application.

RubyGems MiniMagic 'mini_magick.rb' Remote Command Execution Vulnerability

An attacker must entice an unsuspecting victim to click a malicious URI.

RubyGems MiniMagic 'mini_magick.rb' Remote Command Execution Vulnerability

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

RubyGems MiniMagic 'mini_magick.rb' Remote Command Execution Vulnerability

References: