CVE-2013-2616: Remote code execution

March 20, 2013 (updated November 29, 2017)

If a URL is from an untrusted source, commands can be injected into it for remote code execution with the ; character.

References

direct.osvdb.org/show/osvdb/91231
vapid.dhs.org/advisories/minimagick.html

Code Behaviors & Features

Detect and mitigate CVE-2013-2616 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →