CVE-2013-4479

2013-12-0720:55:02

CWE-94

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.5

Confidence

Low

EPSS

0.022

Percentile

89.6%

JSON

lib/sup/message_chunks.rb in Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the content_type of an email attachment.

Affected configurations

Nvd

Node

supmuasupRange≤0.13.2

supmuasupMatch0.13.0

supmuasupMatch0.13.1

supmuasupMatch0.14.0

supmuasupMatch0.14.1

VendorProductVersionCPE
supmuasup*cpe:2.3:a:supmua:sup:*:*:*:*:*:*:*:*
supmuasup0.13.0cpe:2.3:a:supmua:sup:0.13.0:*:*:*:*:*:*:*
supmuasup0.13.1cpe:2.3:a:supmua:sup:0.13.1:*:*:*:*:*:*:*
supmuasup0.14.0cpe:2.3:a:supmua:sup:0.14.0:*:*:*:*:*:*:*
supmuasup0.14.1cpe:2.3:a:supmua:sup:0.14.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
supmua	sup	*	cpe:2.3:a:supmua:sup::::::::
supmua	sup	0.13.0	cpe:2.3:a:supmua:sup:0.13.0:::::::*
supmua	sup	0.13.1	cpe:2.3:a:supmua:sup:0.13.1:::::::*
supmua	sup	0.14.0	cpe:2.3:a:supmua:sup:0.14.0:::::::*
supmua	sup	0.14.1	cpe:2.3:a:supmua:sup:0.14.1:::::::*