| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| sup | rubygems | < 0.13.2.1 | 0.13.2.1 |
| sup | rubygems | >= 0.14.0, < 0.14.1.1 | 0.14.1.1 |
The vulnerability stems from improper shell argument escaping in two key areas:
w3m command execution. The patch added Shellwords.escape here.
Both locations directly used user-controlled filenames in shell command contexts without adequate sanitization, enabling command injection via crafted attachment names.
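
The pattern described above, shown as an added example that is not sup's own code: a filename interpolated into a shell command string, the same string built with `Shellwords.escape`, and an argv-style call that bypasses the shell entirely. The attachment name, the function names and the `printf` stand-in for the external viewer are constructed for illustration.

```ruby
require "shellwords"
require "open3"

# Constructed attachment name. The trailing command is a harmless echo so the
# difference between the two command strings is visible in the output.
FILENAME = "notes.html; echo INJECTED"

# Hypothetical stand-in for the external viewer (w3m on the page): it prints
# every argument it receives in brackets, one per line.
VIEWER = %q(printf '[%s]\n')

# Before: the filename is pasted into the command string unmodified.
def unsafe_command(filename)
  "#{VIEWER} #{filename}"
end

# After: the filename is escaped so the shell sees it as exactly one word.
def escaped_command(filename)
  "#{VIEWER} #{Shellwords.escape(filename)}"
end

# Run a command string through /bin/sh, as a string-form system call would.
def run_shell(cmd)
  out, _status = Open3.capture2("sh", "-c", cmd)
  out
end

# Alternative hardening: pass an argument vector, so no shell parses the name.
def run_argv(filename)
  out, _status = Open3.capture2("printf", "[%s]\n", filename)
  out
end

if __FILE__ == $PROGRAM_NAME
  puts "unsafe : #{run_shell(unsafe_command(FILENAME)).inspect}"
  puts "escaped: #{run_shell(escaped_command(FILENAME)).inspect}"
  puts "argv   : #{run_argv(FILENAME).inspect}"
end
```

In the unescaped form the shell treats `;` as a command separator and runs the second command; in the escaped and argv forms the whole name reaches the viewer as a single argument.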