gm prior to 1.21.1 are affected by a command injection vulnerability. The vulnerability is triggered when user input is passed into
gm.compare(), which fails to sanitize input correctly before calling the graphics magic binary.
Update to version 1.21.1 or later.
publishedAdvisory publishedOct 26th, 2015
reportedInitial report by Brendan Scarvell of ConsoleOct 26th, 2015