Lucene search

GoogleOSV:GHSA-HH2X-7MF9-78FR

HistoryMay 17, 2022 - 3:20 a.m.

Sup Code Injection vulnerability

2022-05-1703:20:59

Google

osv.dev

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.2%

JSON

lib/sup/message_chunks.rb in Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the content_type of an email attachment.

CPENameOperatorVersion
supeq0.13.1
supeq0.1
supeq0.14.0
supeq0.0.4
supeq0.13.0
supeq0.10
supeq0.13.2
supeq0.8
supeq0.0.5
supeq0.8.1

Name	Operator	Version
sup	eq	0.13.1
sup	eq	0.1
sup	eq	0.14.0
sup	eq	0.0.4
sup	eq	0.13.0
sup	eq	0.10
sup	eq	0.13.2
sup	eq	0.8
sup	eq	0.0.5
sup	eq	0.8.1

Rows per page:

1-10 of 301

References

lists.fedoraproject.org/pipermail/package-announce/2015-September/165917.html

rubyforge.org/pipermail/sup-talk/2013-October/004996.html

seclists.org/fulldisclosure/2013/Oct/272

secunia.com/advisories/55294

secunia.com/advisories/55400

www.debian.org/security/2012/dsa-2805

www.openwall.com/lists/oss-security/2013/10/30/2

www.phenoelit.org/stuff/whatsup.txt

github.com/rubysec/ruby-advisory-db/blob/master/gems/sup/CVE-2013-4479.yml

github.com/sup-heliotrope/sup

github.com/sup-heliotrope/sup/commit/ca0302e0c716682d2de22e9136400c704cc93e42

nvd.nist.gov/vuln/detail/CVE-2013-4479

web.archive.org/web/20140524005344/rubyforge.org/pipermail/sup-talk/2013-October/004996.html

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.2%

JSON

Related for OSV:GHSA-HH2X-7MF9-78FR