ADVISORIES

• OSVDB-108530
• Vendor Advisory

GEM

kajam

PATCHED VERSIONS

None.

DESCRIPTION

kajam Gem for Ruby contains a flaw in /dataset/lib/dataset/database/postgresql.rb that is triggered when handling metacharacters. This may allow a remote attacker to execute arbitrary commands.

RELATED

• https://security.snyk.io/vuln/SNYK-RUBY-KAJAM-20171
• https://my.diffend.io/gems/kajam/1.0.3.rc2
• http://osvdb.org/show/osvdb/108530