When I pushed the Rails app to GitHub, I received an alarm email for a vulnerability related to mini_magick. Keep it as a memorandum until the solution.
The version of mini_magick is old, and the fetched remote image file name may cause the execution of remote commands. The solution seems to be to upgrade the version.
gem 'mini_magick', '3.8.0'
The current version of MiniMagick was 3.8 Modify to install 4.9.4 or later as suggested in the alert.
gem 'mini_magick', '>= 4.9.4'
By editing as above, you should be upgraded to 4.9.4 or later.
The version should have changed with this, so check the operation and if there is no problem, it is OK. After that, if you push it, the alert disappears!