VulnerableCode Package Details - pkg:gem/mini_magick@3.6.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:gem/mini_magick@3.6.0

Essentials
History (4)

purl	pkg:gem/mini_magick@3.6.0

Next non-vulnerable version	4.9.4
Latest non-vulnerable version	4.9.4
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-xks8-n3w6-8bew Aliases: CVE-2019-13574 GHSA-r7j3-vvh2-xrpj	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') In lib/mini_magick/image.rb in MiniMagick, a fetched remote image filename could cause remote command execution.	4.9.4 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-fnj4-4we9-tfh7	Remote code execution If a URL is from an untrusted source, commands can be injected into it for remote code execution with the `;` character.	CVE-2013-2616 GHSA-w754-gq8r-pf5f OSV-91231

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-05T21:04:53.114653+00:00	GHSA Importer	Fixing	VCID-fnj4-4we9-tfh7	https://github.com/advisories/GHSA-w754-gq8r-pf5f	38.6.0
2026-06-04T20:23:27.655008+00:00	GitLab Importer	Affected by	VCID-xks8-n3w6-8bew	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/mini_magick/CVE-2019-13574.yml	38.6.0
2026-06-04T17:05:18.738348+00:00	GithubOSV Importer	Fixing	VCID-fnj4-4we9-tfh7	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-w754-gq8r-pf5f/GHSA-w754-gq8r-pf5f.json	38.6.0
2026-06-02T04:36:08.828181+00:00	GitLab Importer	Fixing	VCID-fnj4-4we9-tfh7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/mini_magick/CVE-2013-2616.yml	38.6.0