VulnerableCode Package Details - pkg:gem/mini_magick@3.5.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:gem/mini_magick@3.5.0

Essentials
History (3)

purl	pkg:gem/mini_magick@3.5.0

Next non-vulnerable version	4.9.4
Latest non-vulnerable version	4.9.4
Risk	4.0

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-fnj4-4we9-tfh7 Aliases: CVE-2013-2616 GHSA-w754-gq8r-pf5f OSV-91231	Remote code execution If a URL is from an untrusted source, commands can be injected into it for remote code execution with the `;` character.	3.6.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-xks8-n3w6-8bew Aliases: CVE-2019-13574 GHSA-r7j3-vvh2-xrpj	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') In lib/mini_magick/image.rb in MiniMagick, a fetched remote image filename could cause remote command execution.	4.9.4 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T20:23:27.650948+00:00	GitLab Importer	Affected by	VCID-xks8-n3w6-8bew	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/mini_magick/CVE-2019-13574.yml	38.6.0
2026-06-04T18:08:35.503813+00:00	Ruby Importer	Affected by	VCID-fnj4-4we9-tfh7	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/mini_magick/CVE-2013-2616.yml	38.6.0
2026-06-02T04:36:08.823742+00:00	GitLab Importer	Affected by	VCID-fnj4-4we9-tfh7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/mini_magick/CVE-2013-2616.yml	38.6.0