GHSA-5f2p-6vjv-2q2m

Suggest an improvement
Source
https://github.com/advisories/GHSA-5f2p-6vjv-2q2m
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5f2p-6vjv-2q2m/GHSA-5f2p-6vjv-2q2m.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-5f2p-6vjv-2q2m
Aliases
Published
2022-05-17T04:56:46Z
Modified
2024-12-06T05:40:41.026764Z
Summary
Sup Code Injection vulnerability
Details

Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment.

Database specific
{
    "nvd_published_at": "2013-12-07T20:55:00Z",
    "cwe_ids": [
        "CWE-94"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-01-27T00:02:42Z"
}
References

Affected packages

RubyGems / sup

Package

Name
sup
Purl
pkg:gem/sup

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.13.2.1

Affected versions

0.*

0.0.1
0.0.2
0.0.3
0.0.4
0.0.5
0.0.6
0.0.7
0.0.8
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.8.1
0.9
0.9.1
0.10
0.10.1
0.10.2
0.11
0.12
0.12.1
0.13.0
0.13.1
0.13.2

RubyGems / sup

Package

Name
sup
Purl
pkg:gem/sup

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.14.0
Fixed
0.14.1.1

Affected versions

0.*

0.14.0
0.14.1