ADVISORIES

• CVE-2014-1834 (NVD)
• GHSA-8936-cgj4-phr2
• OSVDB-102129

GEM

echor

SEVERITY

CVSS v3.x: 7.8 (High)

PATCHED VERSIONS

None.

DESCRIPTION

Echor Gem for Ruby contains a flaw in backplane.rb in the perform_request function that is triggered when a semi-colon (;) is injected into a username or password. This may allow a context-dependent attacker to inject arbitrary commands if the gem is used in a rails application.