Shell Command Injection

2022-03-0304:16:40

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.003 Low

EPSS

Percentile

71.6%

JSON

image_processing is vulnerable to shell command injection. The apply function in chainable.rb does not properly check unsanitized user input operational commands, allowing an attacker to inject and execute malicious shell commands.

CPENameOperatorVersion
image_processingle1.12.1
image_processingle1.12.1
ruby-image-processing:bookwormeq1.10.3-1
ruby-image-processing:sideq1.10.3-1

Name	Operator	Version
image_processing	le	1.12.1
image_processing	le	1.12.1
ruby-image-processing:bookworm	eq	1.10.3-1
ruby-image-processing:sid	eq	1.10.3-1

References

github.com/janko/image_processing/commit/038e4574e8f4f4b636a62394e09983c71980dada

github.com/janko/image_processing/security/advisories/GHSA-cxf7-qrc5-9446

www.debian.org/security/2022/dsa-5310

0.003 Low

EPSS

Percentile

71.6%

JSON

Related for VERACODE:34486