Vulnerability Details CVE-2013-4478
Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.9%
CVSS Severity
CVSS v2 Score 6.8
References
- http://rubyforge.org/pipermail/sup-talk/2013-August/004993.html
- http://rubyforge.org/pipermail/sup-talk/2013-October/004996.html
- http://secunia.com/advisories/55294
- http://secunia.com/advisories/55400
- http://www.debian.org/security/2012/dsa-2805
- http://www.openwall.com/lists/oss-security/2013/10/30/2
- https://github.com/sup-heliotrope/sup/commit/8b46cdbfc14e07ca07d403aa28b0e7bc1c544785
- http://rubyforge.org/pipermail/sup-talk/2013-August/004993.html
- http://rubyforge.org/pipermail/sup-talk/2013-October/004996.html
- http://secunia.com/advisories/55294
- http://secunia.com/advisories/55400
- http://www.debian.org/security/2012/dsa-2805
- http://www.openwall.com/lists/oss-security/2013/10/30/2
- https://github.com/sup-heliotrope/sup/commit/8b46cdbfc14e07ca07d403aa28b0e7bc1c544785
Products affected by CVE-2013-4478
-
cpe:2.3:a:supmua:sup:0.13.0
-
cpe:2.3:a:supmua:sup:0.13.1
-
cpe:2.3:a:supmua:sup:0.13.2
-
cpe:2.3:a:supmua:sup:0.14.0
-
cpe:2.3:a:supmua:sup:0.14.1