GHSA-hh2x-7mf9-78fr

Source

https://github.com/advisories/GHSA-hh2x-7mf9-78fr

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hh2x-7mf9-78fr/GHSA-hh2x-7mf9-78fr.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-hh2x-7mf9-78fr

Aliases

CVE-2013-4479

Published

2022-05-17T03:20:59Z

Modified

2024-11-29T05:41:09.250303Z

Summary

Sup Code Injection vulnerability

Details

lib/sup/message_chunks.rb in Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the content_type of an email attachment.

Database specific

{
    "nvd_published_at": "2013-12-07T20:55:00Z",
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-01-27T00:53:07Z"
}

References

Affected packages

RubyGems / sup

Package

Name: sup
Purl: pkg:gem/sup

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.13.2.1

Affected versions

0.*

0.0.1

0.0.2

0.0.3

0.0.4

0.0.5

0.0.6

0.0.7

0.0.8

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.8.1

0.9

0.9.1

0.10

0.10.1

0.10.2

0.11

0.12

0.12.1

0.13.0

0.13.1

0.13.2

RubyGems / sup

Package

Name: sup
Purl: pkg:gem/sup

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0.14.0

Fixed

0.14.1.1

Affected versions

0.*

0.14.0

0.14.1