Is Redmine affected by the ImageTragick security flaw?
There are multiple vulnerabilities in ImageMagick, a package commonly used by
web services to process images. One of the vulnerabilities can lead to remote
code execution (RCE) if you process user submitted images. The exploit for this
vulnerability is being used in the wild.
A number of image processing plugins depend on the ImageMagick library,
including, but not limited to, PHP’s imagick, Ruby’s rmagick and paperclip, and
RE: Is Redmine affected by the ImageTragick security flaw? - Added by Angelo Bertolli almost 2 years ago
Yes, if you have an issue tracker with attachments. Someone uploads an image and then rmagick is used to modify the image (e.g. create a thumbnail) could allow them to execute code on your system.