
Related vulnerabilities

GSD-2013-4479

Vulnerability from gsd - Updated: 2013-10-29 00:00
Details
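Sup MUA contains a flaw that is triggered when handling email attachment content. This may allow a context-dependent attacker to execute arbitrary commands. According to the CVE description in the record below, the injection point is shell metacharacters in the attachment's content_type (lib/sup/message_chunks.rb), and the issue is fixed in 0.13.2.1 and 0.14.1.1. The sources aggregated in this record disagree on the fix: the gitlab.com advisory lists 0.15.0 as the fixed version, so check the installed version against the upstream release announcement.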
Aliases

{
  "GSD": {
    "alias": "CVE-2013-4479",
    "description": "lib/sup/message_chunks.rb in Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the content_type of an email attachment.",
    "id": "GSD-2013-4479",
    "references": [
      "https://www.debian.org/security/2013/dsa-2805"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "affected": [
        {
          "package": {
            "ecosystem": "RubyGems",
            "name": "sup",
            "purl": "pkg:gem/sup"
          }
        }
      ],
      "aliases": [
        "CVE-2013-4479",
        "OSVDB-99074"
      ],
      "details": "Sup MUA contains a flaw that is triggered when handling email attachment content. This may allow a context-dependent attacker to execute arbitrary commands.",
      "id": "GSD-2013-4479",
      "modified": "2013-10-29T00:00:00.000Z",
      "published": "2013-10-29T00:00:00.000Z",
      "references": [
        {
          "type": "WEB",
          "url": "http://www.phenoelit.org/stuff/whatsup.txt"
        }
      ],
      "schema_version": "1.4.0",
      "severity": [
        {
          "score": 6.8,
          "type": "CVSS_V2"
        }
      ],
      "summary": "Sup MUA Email Attachment Content Type Handling Arbitrary Command Execution"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2013-4479",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "lib/sup/message_chunks.rb in Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the content_type of an email attachment."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://rubyforge.org/pipermail/sup-talk/2013-October/004996.html",
            "refsource": "MISC",
            "url": "http://rubyforge.org/pipermail/sup-talk/2013-October/004996.html"
          },
          {
            "name": "http://secunia.com/advisories/55294",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/55294"
          },
          {
            "name": "http://secunia.com/advisories/55400",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/55400"
          },
          {
            "name": "http://www.debian.org/security/2012/dsa-2805",
            "refsource": "MISC",
            "url": "http://www.debian.org/security/2012/dsa-2805"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2013/10/30/2",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2013/10/30/2"
          },
          {
            "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165917.html",
            "refsource": "MISC",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165917.html"
          },
          {
            "name": "http://seclists.org/fulldisclosure/2013/Oct/272",
            "refsource": "MISC",
            "url": "http://seclists.org/fulldisclosure/2013/Oct/272"
          },
          {
            "name": "https://github.com/sup-heliotrope/sup/commit/ca0302e0c716682d2de22e9136400c704cc93e42",
            "refsource": "MISC",
            "url": "https://github.com/sup-heliotrope/sup/commit/ca0302e0c716682d2de22e9136400c704cc93e42"
          }
        ]
      }
    },
    "github.com/rubysec/ruby-advisory-db": {
      "cve": "2013-4479",
      "cvss_v2": 6.8,
      "date": "2013-10-29",
      "description": "Sup MUA contains a flaw that is triggered when handling email attachment content. This may allow a context-dependent attacker to execute arbitrary commands.",
      "gem": "sup",
      "osvdb": 99074,
      "patched_versions": [
        "~\u003e 0.13.2.1",
        "\u003e= 0.14.1.1"
      ],
      "title": "Sup MUA Email Attachment Content Type Handling Arbitrary Command Execution",
      "url": "http://www.phenoelit.org/stuff/whatsup.txt"
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c=0.14.1",
          "affected_versions": "All versions up to 0.14.1",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937",
            "CWE-94"
          ],
          "date": "2016-12-22",
          "description": "lib/sup/message_chunks.rb in Sup allows remote attackers to execute arbitrary commands via shell metacharacters in the content_type of an email attachment.",
          "fixed_versions": [
            "0.15.0"
          ],
          "identifier": "CVE-2013-4479",
          "identifiers": [
            "CVE-2013-4479"
          ],
          "not_impacted": "All versions after 0.14.1",
          "package_slug": "gem/sup",
          "pubdate": "2013-12-07",
          "solution": "Upgrade to version 0.15.0 or above.",
          "title": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2013-4479",
            "http://www.debian.org/security/2012/dsa-2805",
            "http://www.openwall.com/lists/oss-security/2013/10/30/2",
            "http://rubyforge.org/pipermail/sup-talk/2013-October/004996.html",
            "http://secunia.com/advisories/55400",
            "http://secunia.com/advisories/55294",
            "https://github.com/sup-heliotrope/sup/commit/ca0302e0c716682d2de22e9136400c704cc93e42",
            "http://seclists.org/fulldisclosure/2013/Oct/272",
            "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165917.html"
          ],
          "uuid": "74d2622d-e6c5-462d-95ef-98c9cf1a0d93"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:supmua:sup:0.14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:supmua:sup:0.14.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:supmua:sup:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.13.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:supmua:sup:0.13.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:supmua:sup:0.13.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4479"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "lib/sup/message_chunks.rb in Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the content_type of an email attachment."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-2805",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2012/dsa-2805"
            },
            {
              "name": "[oss-security] 20131029 Re: CVE Request: sup MUA Command Injection",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2013/10/30/2"
            },
            {
              "name": "[sup-talk] 20131029 Security advisory, releases 0.13.2.1 and 0.14.1.1",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://rubyforge.org/pipermail/sup-talk/2013-October/004996.html"
            },
            {
              "name": "55400",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/55400"
            },
            {
              "name": "55294",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/55294"
            },
            {
              "name": "https://github.com/sup-heliotrope/sup/commit/ca0302e0c716682d2de22e9136400c704cc93e42",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "https://github.com/sup-heliotrope/sup/commit/ca0302e0c716682d2de22e9136400c704cc93e42"
            },
            {
              "name": "20131029 Advisory: sup MUA Command Injection",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://seclists.org/fulldisclosure/2013/Oct/272"
            },
            {
              "name": "FEDORA-2015-14929",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165917.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2016-12-22T02:59Z",
      "publishedDate": "2013-12-07T20:55Z"
    }
  }
}

GSD-2013-4478

Vulnerability from gsd - Updated: 2013-10-29 00:00
Details
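Sup MUA contains a flaw that is triggered when handling email attachment content. This may allow a context-dependent attacker to execute arbitrary commands. According to the CVE description in the record below, the injection point for this identifier is shell metacharacters in the attachment's filename, and the issue is fixed in 0.13.2.1 and 0.14.1.1. The summary and title fields in this record still read "Content Type Handling", which appears to be carried over from the sibling entry GSD-2013-4479, and the gitlab.com advisory lists 0.15.0 as the fixed version.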
Aliases

{
  "GSD": {
    "alias": "CVE-2013-4478",
    "description": "Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment.",
    "id": "GSD-2013-4478",
    "references": [
      "https://www.debian.org/security/2013/dsa-2805"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "affected": [
        {
          "package": {
            "ecosystem": "RubyGems",
            "name": "sup",
            "purl": "pkg:gem/sup"
          }
        }
      ],
      "aliases": [
        "CVE-2013-4478",
        "OSVDB-99074"
      ],
      "details": "Sup MUA contains a flaw that is triggered when handling email attachment content. This may allow a context-dependent attacker to execute arbitrary commands.",
      "id": "GSD-2013-4478",
      "modified": "2013-10-29T00:00:00.000Z",
      "published": "2013-10-29T00:00:00.000Z",
      "references": [
        {
          "type": "WEB",
          "url": "http://www.phenoelit.org/stuff/whatsup.txt"
        }
      ],
      "schema_version": "1.4.0",
      "severity": [
        {
          "score": 6.8,
          "type": "CVSS_V2"
        }
      ],
      "summary": "Sup MUA Email Attachment Content Type Handling Arbitrary Command Execution"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2013-4478",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://rubyforge.org/pipermail/sup-talk/2013-August/004993.html",
            "refsource": "MISC",
            "url": "http://rubyforge.org/pipermail/sup-talk/2013-August/004993.html"
          },
          {
            "name": "http://rubyforge.org/pipermail/sup-talk/2013-October/004996.html",
            "refsource": "MISC",
            "url": "http://rubyforge.org/pipermail/sup-talk/2013-October/004996.html"
          },
          {
            "name": "http://secunia.com/advisories/55294",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/55294"
          },
          {
            "name": "http://secunia.com/advisories/55400",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/55400"
          },
          {
            "name": "http://www.debian.org/security/2012/dsa-2805",
            "refsource": "MISC",
            "url": "http://www.debian.org/security/2012/dsa-2805"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2013/10/30/2",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2013/10/30/2"
          },
          {
            "name": "https://github.com/sup-heliotrope/sup/commit/8b46cdbfc14e07ca07d403aa28b0e7bc1c544785",
            "refsource": "MISC",
            "url": "https://github.com/sup-heliotrope/sup/commit/8b46cdbfc14e07ca07d403aa28b0e7bc1c544785"
          }
        ]
      }
    },
    "github.com/rubysec/ruby-advisory-db": {
      "cve": "2013-4478",
      "cvss_v2": 6.8,
      "date": "2013-10-29",
      "description": "Sup MUA contains a flaw that is triggered when handling email attachment content. This may allow a context-dependent attacker to execute arbitrary commands.",
      "gem": "sup",
      "osvdb": 99074,
      "patched_versions": [
        "~\u003e 0.13.2.1",
        "\u003e= 0.14.1.1"
      ],
      "title": "Sup MUA Email Attachment Content Type Handling Arbitrary Command Execution",
      "url": "http://www.phenoelit.org/stuff/whatsup.txt"
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c=0.14.1",
          "affected_versions": "All versions up to 0.14.1",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937",
            "CWE-94"
          ],
          "date": "2013-12-09",
          "description": "Sup allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment.",
          "fixed_versions": [
            "0.15.0"
          ],
          "identifier": "CVE-2013-4478",
          "identifiers": [
            "CVE-2013-4478"
          ],
          "not_impacted": "All versions after 0.14.1",
          "package_slug": "gem/sup",
          "pubdate": "2013-12-07",
          "solution": "Upgrade to versions 0.15.0 or above.",
          "title": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2013-4478",
            "http://www.debian.org/security/2012/dsa-2805",
            "http://www.openwall.com/lists/oss-security/2013/10/30/2",
            "http://secunia.com/advisories/55400",
            "http://secunia.com/advisories/55294",
            "https://github.com/sup-heliotrope/sup/commit/8b46cdbfc14e07ca07d403aa28b0e7bc1c544785",
            "http://rubyforge.org/pipermail/sup-talk/2013-August/004993.html",
            "http://rubyforge.org/pipermail/sup-talk/2013-October/004996.html"
          ],
          "uuid": "ce4c3b25-bde4-47d4-9d72-e7db3940e868"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:supmua:sup:0.14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:supmua:sup:0.14.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:supmua:sup:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.13.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:supmua:sup:0.13.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:supmua:sup:0.13.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4478"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-2805",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2012/dsa-2805"
            },
            {
              "name": "[oss-security] 20131029 Re: CVE Request: sup MUA Command Injection",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2013/10/30/2"
            },
            {
              "name": "55400",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/55400"
            },
            {
              "name": "55294",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/55294"
            },
            {
              "name": "https://github.com/sup-heliotrope/sup/commit/8b46cdbfc14e07ca07d403aa28b0e7bc1c544785",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "https://github.com/sup-heliotrope/sup/commit/8b46cdbfc14e07ca07d403aa28b0e7bc1c544785"
            },
            {
              "name": "[sup-talk] 20130818 Fwd: Security issue with suggested configuration of sup",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://rubyforge.org/pipermail/sup-talk/2013-August/004993.html"
            },
            {
              "name": "[sup-talk] 20131029 Security advisory, releases 0.13.2.1 and 0.14.1.1",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://rubyforge.org/pipermail/sup-talk/2013-October/004996.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2013-12-09T17:54Z",
      "publishedDate": "2013-12-07T20:55Z"
    }
  }
}