echor Gem for Ruby backplane.rb perform_request Function Arbitrary Command Execution
Published: January 14, 2014
SECURITY IDENTIFIERS
- CVE: CVE-2014-1834 (NVD)
- GHSA: GHSA-8936-cgj4-phr2
- OSVDB: OSVDB-102129
GEM
SEVERITY
CVSS v3.x: 7.8 (High)
PATCHED VERSIONS
None available.
DESCRIPTION
Echor Gem for Ruby contains a flaw in backplane.rb in the perform_request function that is triggered when a semi-colon (;) is injected into a username or password. This may allow a context-dependent attacker to inject arbitrary commands if the gem is used in a rails application.