lib/sup/message_chunks.rb
in Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the content_type of an email attachment.
{ "nvd_published_at": "2013-12-07T20:55:00Z", "cwe_ids": [ "CWE-94" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-01-27T00:53:07Z" }