Title: Remote Command Injection in fog-dragonfly-0.8.2 Ruby Gem
Unescaped user-supplied input is passed to the command line for shell execution.
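
An added example (not code from the gem or from this advisory) that contrasts the string-interpolation pattern used by the convert and run methods quoted below with an argv-based call that never involves a shell. The echo stand-in for the ImageMagick binary, the helper names and the hostile args value are assumptions constructed for illustration.

```ruby
require 'open3'
require 'shellwords'

# Stand-in for the ImageMagick convert binary so this runs offline (assumption):
# `echo convert ...` just prints the argument list it was given.
CONVERT_ARGV = %w[echo convert].freeze

# Constructed hostile value for the args parameter.
HOSTILE_ARGS = '-resize 10x10; echo INJECTED'

# Same pattern as the quoted convert/run pair: every value is interpolated
# into one string, and backticks hand that string to /bin/sh for parsing.
def run_interpolated(args, src, dst)
  `#{CONVERT_ARGV.join(' ')} #{args} #{src} #{dst}`
end

# Hardened form: each value becomes its own argv entry and no shell is
# involved, so ';' and similar characters reach the program as literal text.
def run_argv(args, src, dst)
  out, status = Open3.capture2e(*CONVERT_ARGV, *Shellwords.split(args), src, dst)
  raise "command failed (exit #{status.exitstatus})" unless status.success?
  out
end

if __FILE__ == $PROGRAM_NAME
  puts 'interpolated:', run_interpolated(HOSTILE_ARGS, 'in.png', 'out.png')
  puts 'argv:', run_argv(HOSTILE_ARGS, 'in.png', 'out.png')
end
```

Passing an argv array removes shell parsing only; which convert options a caller may supply remains a separate decision for the application.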

From fog-dragonfly-0.8.2/lib/dragonfly/image_magick_utils.rb:

    def convert(temp_object, args='', format=nil)
      tempfile = new_tempfile(format)
      # args and both paths are interpolated into the command string unescaped
      run "#{convert_command} #{args} #{temp_object.path} #{tempfile.path}"
      tempfile
    end
.
.
.

    def run(command)
      log.debug("Running command: #{command}") if ImageMagickUtils.log_commands
      begin
        # backticks execute the interpolated string through the shell
        result = `#{command}`