CVE-2013-4478
Description
Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment.
Risk Information
Base Score
9.8
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.4
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2013-4478,CVE-2013-4479 are fixed in Ruby-sup 0.13.2.1 | Windows |
| Vulnerabilities CVE-2013-4478,CVE-2013-4479 are fixed in Ruby-sup 0.14.1.1 | Windows |
| Vulnerabilities CVE-2013-4478,CVE-2013-4479 are fixed in Ruby-sup for Linux 0.13.2.1 | Linux |
| Vulnerabilities CVE-2013-4478,CVE-2013-4479 are fixed in Ruby-sup for Linux 0.14.1.1 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234