RubySec

Providing security resources for the Ruby community

OSVDB-108530 (kajam): kajam Gem for Ruby /dataset/lib/dataset/database/postgresql.rb Metacharacter Handling Remote Command Execution

Published: June 30, 2014

SECURITY IDENTIFIERS

GEM

kajam

PATCHED VERSIONS

None available.

DESCRIPTION

kajam Gem for Ruby contains a flaw in /dataset/lib/dataset/database/postgresql.rb that is triggered when handling metacharacters. This may allow a remote attacker to execute arbitrary commands.
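With no patched version available, the defensive pattern for this class of flaw is shown below as an added example. It is not code from kajam or from this advisory. It assumes the flaw arises from values being interpolated into a shell command string, and the helper names (validate_name!, pg_dump_argv, run_argv) are hypothetical.

```ruby
require "open3"
require "rbconfig"

# Conservative allowlist for database and role names (assumption: the
# application can restrict its own naming to this pattern).
SAFE_NAME = /\A[A-Za-z_][A-Za-z0-9_]{0,62}\z/

def validate_name!(value)
  raise ArgumentError, "unsafe name: #{value.inspect}" unless SAFE_NAME.match?(value.to_s)
  value.to_s
end

# Hypothetical helper: build the argument vector for a pg_dump call.
# Each element becomes exactly one argv entry of the child process.
def pg_dump_argv(database:, user:, outfile:)
  ["pg_dump", "--username", validate_name!(user),
   "--file", outfile.to_s, "--", validate_name!(database)]
end

# Run a command without a shell. The [path, argv0] pair forces direct exec
# even when argv has a single element, which Ruby would otherwise hand to
# /bin/sh if it contained metacharacters.
def run_argv(argv)
  program, *args = argv
  out, status = Open3.capture2([program, program], *args)
  [out, status.success?]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed input containing shell metacharacters.
  hostile = "prod_db; echo INJECTED"

  # A child Ruby process stands in for the database tool so this runs
  # offline; it prints the first argument it received.
  out, ok = run_argv([RbConfig.ruby, "-e", "print ARGV[0]", "--", hostile])
  puts "child saw one literal argument: #{out.inspect} (ok=#{ok})"

  p pg_dump_argv(database: "prod_db", user: "backup", outfile: "/tmp/dump.sql")
  begin
    pg_dump_argv(database: hostile, user: "backup", outfile: "/tmp/dump.sql")
  rescue ArgumentError => e
    puts "rejected before any process is started: #{e.message}"
  end
end
```

The two controls are independent: the argument vector removes the shell from the path, and the allowlist rejects unexpected names even if a later change reintroduces string-built commands.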
