ADVISORIES

• CVE-2013-4479 (NVD)
• GHSA-hh2x-7mf9-78fr
• OSVDB-99074
• Vendor Advisory

GEM

sup

SEVERITY

CVSS v2.0: 6.8 (Medium)

PATCHED VERSIONS

• ~> 0.13.2.1
• >= 0.14.1.1

DESCRIPTION

Sup MUA contains a flaw that is triggered when handling email attachment content. This may allow a context-dependent attacker to execute arbitrary commands.

RELATED

• CVE-2013-4478 (NVD)
• GHSA-5f2p-6vjv-2q2m
• https://nvd.nist.gov/vuln/detail/CVE-2013-4479
• https://web.archive.org/web/20140524005344/http://rubyforge.org/pipermail/sup-talk/2013-October/004996.html
• https://seclists.org/fulldisclosure/2013/Oct/272
• https://seclists.org/fulldisclosure/2013/Oct/att-272/whatsup.txt
• https://www.openwall.com/lists/oss-security/2013/10/30/2
• https://github.com/sup-heliotrope/sup/commit/ca0302e0c716682d2de22e9136400c704cc93e42
• https://security-tracker.debian.org/tracker/CVE-2013-4479
• https://lwn.net/Articles/575351
• https://github.com/advisories/GHSA-hh2x-7mf9-78fr