Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| supmua | sup | 0.13.0 |
| supmua | sup | 0.13.1 |
| supmua | sup | 0.14.0 |
| supmua | sup | * |
| supmua | sup | 0.14.1 |
lib/sup/message_chunks.rb in Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the content_type of an email attachment.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| supmua | sup | 0.13.0 |
| supmua | sup | 0.13.1 |
| supmua | sup | 0.14.0 |
| supmua | sup | * |
| supmua | sup | 0.14.1 |