CVE-2013-4478

sup < 0.13.2.1 and 0.14.x < 0.14.1.1 - Remote Code Execution via Email Attachment Filename

Title source: llm

Description

Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment.

References (7)

Core References
Various Sources mailing-list x_refsource_mlist
http://rubyforge.org/pipermail/sup-talk/2013-August/004993.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/55294
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/55400
Various Sources mailing-list x_refsource_mlist
http://rubyforge.org/pipermail/sup-talk/2013-October/004996.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2012/dsa-2805
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/10/30/2

Scores

EPSS 0.0214
EPSS Percentile 79.8%

Details

CWE
CWE-94
Status published
Products (6)
rubygems/sup 0 - 0.13.2.1 (RubyGems)
supmua/sup 0.13.0
supmua/sup 0.13.1
supmua/sup 0.14.0
supmua/sup 0.14.1
supmua/sup < 0.13.2
Published Dec 07, 2013
Tracked Since Feb 18, 2026