Wednesday, May 4, 2016

Ruby on Rails, PHP, and Node.js Applications Accepting Image Uploads Vulnerable to Remote Code Execution Through ImageMagick

If your project accepts image uploads, your application could be at risk.

A new vulnerability affecting the image conversion package ImageMagick has been reported that would allow attackers to upload malicious image files capable of executing code on your server.

ImageMagick is a system-level package for image manipulation that is heavily used by web applications based on Node.js, Ruby on Rails, and PHP. Bottom line: if your application accepts image uploads, there is a very good chance it relies on ImageMagick and is vulnerable.

This link outlines the steps you should be taking to mitigate the possibility of being affected. If you or your team needs help addressing this, please contact me.
