Wednesday, May 4, 2016

Ruby on Rails, PHP, and Node.js Applications Accepting Image Uploads Vulnerable to Remote Code Execution Through ImageMagick

If your project accepts image uploads, your application could be at risk.

A new vulnerability affecting the image conversion package ImageMagick has been reported that would allow attackers to upload malicious image files capable of executing code on your server.

ImageMagick is a system-level package for image manipulation that is widely used by web applications based on Node.js, Ruby on Rails, and PHP. Bottom line: if your application accepts image uploads, there is a very good chance it relies on ImageMagick and is vulnerable.

This link outlines the steps you should take to mitigate the possibility of being affected. If you or your team need help addressing this, please contact me.