Lucene search

GoogleOSV:GHSA-HH2X-7MF9-78FR

HistoryMay 17, 2022 - 3:20 a.m.

Sup Code Injection vulnerability

2022-05-1703:20:59

Google

osv.dev

vulnerability

sup

code injection

message_chunks.rb

remote attackers

execute arbitrary commands

shell metacharacters

content_type

email attachment

software

EPSS

0.022

Percentile

89.6%

JSON

lib/sup/message_chunks.rb in Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the content_type of an email attachment.

References

lists.fedoraproject.org/pipermail/package-announce/2015-September/165917.html

rubyforge.org/pipermail/sup-talk/2013-October/004996.html

seclists.org/fulldisclosure/2013/Oct/272

secunia.com/advisories/55294

secunia.com/advisories/55400

www.debian.org/security/2012/dsa-2805

www.openwall.com/lists/oss-security/2013/10/30/2

www.phenoelit.org/stuff/whatsup.txt

github.com/rubysec/ruby-advisory-db/blob/master/gems/sup/CVE-2013-4479.yml

github.com/sup-heliotrope/sup

github.com/sup-heliotrope/sup/commit/ca0302e0c716682d2de22e9136400c704cc93e42

nvd.nist.gov/vuln/detail/CVE-2013-4479

web.archive.org/web/20140524005344/rubyforge.org/pipermail/sup-talk/2013-October/004996.html

EPSS

0.022

Percentile

89.6%

JSON

Related for OSV:GHSA-HH2X-7MF9-78FR