[Ruby] How to resolve when MiniMagick vulnerability alert appears on GitHub



When I pushed my Rails app to GitHub, I received an alert email about a vulnerability in mini_magick. This is my note of how I resolved it.

Problems and causes

The installed version of mini_magick is old, and in that version the file name of a fetched remote image can lead to remote command execution. The fix is to upgrade to a patched version.

Edit the Gemfile


gem 'mini_magick', '3.8.0'

The current MiniMagick version was 3.8.0, so change the line to install 4.9.4 or later, as suggested in the alert.


gem 'mini_magick', '>= 4.9.4'

With the line edited as above, Bundler will upgrade to 4.9.4 or later.

bundle install


bundle install

This should have updated the version, so check that the app still works; if there are no problems, you are done. After I pushed the change, the alert disappeared.
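The alert only goes away once the version recorded in Gemfile.lock is at or above the fixed release, so it is worth checking the lockfile rather than only the Gemfile. The script below is an added example, not code from the original post: it reads the `specs:` section of a Gemfile.lock and reports whether the locked mini_magick version is below 4.9.4. Both lockfiles embedded in it are constructed for the example; in real use you would pass `File.read("Gemfile.lock")`.

```ruby
# Added example (not from the original post): check a Gemfile.lock for a
# mini_magick version below the fixed release (4.9.4) named in the alert.
require "rubygems" # provides Gem::Version for correct version comparison

FIXED_VERSION = Gem::Version.new("4.9.4")

# Gemfile.lock lists each resolved gem in the "specs:" section as
# "    name (version)" (four spaces); a gem's own dependencies are
# indented deeper, and the DEPENDENCIES section uses two spaces, so the
# four-space anchor picks out only the resolved version line.
def locked_version(lockfile_text, gem_name)
  pattern = /\A    #{Regexp.escape(gem_name)} \(([^)]+)\)\s*\z/
  lockfile_text.each_line do |line|
    m = line.match(pattern)
    return Gem::Version.new(m[1]) if m
  end
  nil
end

# Returns :missing, :vulnerable or :ok for the given lockfile text.
def mini_magick_status(lockfile_text)
  version = locked_version(lockfile_text, "mini_magick")
  return :missing if version.nil?

  version < FIXED_VERSION ? :vulnerable : :ok
end

# Constructed lockfile resembling the state before the Gemfile edit.
OLD_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      mini_magick (3.8.0)
        subexec (~> 0.2.1)
      subexec (0.2.3)

  PLATFORMS
    ruby

  DEPENDENCIES
    mini_magick (= 3.8.0)
LOCK

# Constructed lockfile resembling the state after bundle install.
NEW_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      mini_magick (4.9.5)

  PLATFORMS
    ruby

  DEPENDENCIES
    mini_magick (>= 4.9.4)
LOCK

if __FILE__ == $PROGRAM_NAME
  puts "old lockfile: #{mini_magick_status(OLD_LOCK)}"
  puts "new lockfile: #{mini_magick_status(NEW_LOCK)}"
  # Real use: puts mini_magick_status(File.read("Gemfile.lock"))
end
```

Comparing with `Gem::Version` rather than string comparison matters here: as plain strings, "4.10.0" sorts before "4.9.4", which would wrongly flag a patched version as vulnerable.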