GHSA-5f2p-6vjv-2q2m

Source
https://github.com/advisories/GHSA-5f2p-6vjv-2q2m
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5f2p-6vjv-2q2m/GHSA-5f2p-6vjv-2q2m.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-5f2p-6vjv-2q2m
Aliases
Published
2022-05-17T04:56:46Z
Modified
2024-12-06T05:37:48.648904Z
Summary
Sup Code Injection vulnerability
Details

Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment.

Database specific
{
    "nvd_published_at": "2013-12-07T20:55:00Z",
    "cwe_ids": [
        "CWE-94"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-01-27T00:02:42Z"
}
References

Affected packages

RubyGems / sup

Package

Name
sup
Purl
pkg:gem/sup

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.13.2.1

Affected versions

0.*

0.0.1
0.0.2
0.0.3
0.0.4
0.0.5
0.0.6
0.0.7
0.0.8
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.8.1
0.9
0.9.1
0.10
0.10.1
0.10.2
0.11
0.12
0.12.1
0.13.0
0.13.1
0.13.2

RubyGems / sup

Package

Name
sup
Purl
pkg:gem/sup

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.14.0
Fixed
0.14.1.1

Affected versions

0.*

0.14.0
0.14.1