CVE-2022-24720CRITICALCVSS 9.8fixed in 1.12.22022-03-01
CVE-2022-24720 [CRITICAL] CWE-20 CVE-2022-24720: image_processing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to
image_processing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the `#apply` method from image_processing to apply a series of operations that are coming from unsanitized user input allows the attacker to execute shell commands. This method is called internally by Active Storage variants, s
ghsanvdosv