CVE-2013-4478 – sup
Package
Manager: gem
Name: sup
Vulnerable Version: >=0 <0.13.2.1 || >=0.14.0 <0.14.1.1
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:H/RL:U/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
EPSS: 0.004 (percentile 0.59944)
Details
Sup Code Injection vulnerability
Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment.
Metadata
Created: 2022-05-17T04:56:46Z
Modified: 2023-01-27T00:02:42Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5f2p-6vjv-2q2m/GHSA-5f2p-6vjv-2q2m.json
CWE IDs: ["CWE-94"]
Alternative ID: GHSA-5f2p-6vjv-2q2m
Finding: F422
Auto approve: 1