RubySec

Providing security resources for the Ruby community

CVE-2013-4479 (sup): Sup MUA Email Attachment Content Type Handling Arbitrary Command Execution

ADVISORIES

GEM

sup

SEVERITY

CVSS v2: 6.8

PATCHED VERSIONS

  • ~> 0.13.2.1
  • >= 0.14.1.1

DESCRIPTION

Sup MUA contains a flaw that is triggered when handling email attachment content. This may allow a context-dependent attacker to execute arbitrary commands.