Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Input Validation in image_processing
Vulnerability Description
image_processing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the `#apply` method from image_processing to apply a series of operations that are coming from unsanitized user input allows the attacker to execute shell commands. This method is called internally by Active Storage variants, so Active Storage is vulnerable as well. The vulnerability has been fixed in version 1.12.2 of image_processing. As a workaround, users who process based on user input should always sanitize the user input by allowing only a constrained set of operations.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
输入验证不恰当
Vulnerability Title
Image-Processing 安全漏洞
Vulnerability Description
Image-Processing是一个使用 C 的图像处理代码存储库。 Image-Processing 1.12.2之前版本存在安全漏洞,该漏洞源于apply方法使用未经处理的用户输入,这允许攻击者执行系统命令。
CVSS Information
N/A
Vulnerability Type
N/A