Discovered almost 5 years ago
Source: static code analysis
Category: Command Injection
Confidence level: Medium

Problem

Possible command injection

Location

app/models/upload.rb:249

`convert #{path} -auto-orient #{path}`

Category description: Command injection occurs when shell commands unsafely include user-manipulatable values.

Solution: fix the issue in app/models/upload.rb or mark it as false positive.