When I pushed the Rails app to GitHub, I received an alarm email about a vulnerability related to mini_magick. Keep it as a memorandum until resolution.
Problems and causes
The version of mini_magick is old and the fetched remote image file name may cause remote command execution. The solution seems to be to upgrade the version.
The current MiniMagick version was 3.8 Fix to install 4.9.4 or later as suggested in the alert.
Edit as above and it should upgrade to 4.9.4 or later.
The version should have changed with this, so check the operation and if there is no problem OK. After that, if you push it, the alert disappeared!