CVE-2013-4479
Sup Code Injection vulnerability
EPSS 0.51%
Description
lib/sup/message_chunks.rb in Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the content_type of an email attachment.
How to fix CVE-2013-4479
To remediate CVE-2013-4479, upgrade the affected package to a fixed version below.
- Debian/sup-mail—upgrade to 0.12.1+git20120407.aaa852f-1+deb7u1 or later
- RubyGems/sup—upgrade to 0.13.2.1 or later
Is CVE-2013-4479 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 0.12.1+git20120407.aaa852f-1+deb7u1
- from 0, < 0.13.2.1