RubySec

Providing security resources for the Ruby community

CVE-2013-4478 (sup): Sup MUA Email Attachment Content Type Handling Arbitrary Command Execution

ADVISORIES

GEM

sup

SEVERITY

CVSS v2.0: 6.8 (Medium)

PATCHED VERSIONS

  • ~> 0.13.2.1
  • >= 0.14.1.1

DESCRIPTION

Sup MUA contains a flaw that is triggered when handling email attachment content. This may allow a context-dependent attacker to execute arbitrary commands.