RubySec

Providing security resources for the Ruby community

OSVDB-108530 (kajam): kajam Gem for Ruby /dataset/lib/dataset/database/postgresql.rb Metacharacter Handling Remote Command Execution

ADVISORIES

  • OSVDB-108530

GEM

kajam

PATCHED VERSIONS

None.

DESCRIPTION

The kajam gem for Ruby contains a flaw in /dataset/lib/dataset/database/postgresql.rb that is triggered when handling metacharacters. This may allow a remote attacker to execute arbitrary commands.
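
Because the advisory lists no patched version, the practical check is whether kajam is locked anywhere in a project's dependency tree and which gem brings it in. The Ruby script below is an added example, not RubySec or kajam code; the sample Gemfile.lock, the gem name example-reports and all version numbers are constructed, and the helper names parse_specs and audit are hypothetical.

```ruby
ADVISORY = "OSVDB-108530"
AFFECTED_GEM = "kajam" # the advisory lists no patched version

# Constructed sample lockfile: example-reports and every version number are made up.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      example-reports (1.2.0)
        kajam (>= 1.0)
      kajam (1.0.3)
      rake (13.0.6)
LOCK

# Parse the "specs:" block: 4-space lines are locked gems, 6-space lines their dependencies.
def parse_specs(lock_text)
  specs, current, in_specs = {}, nil, false
  lock_text.each_line(chomp: true) do |line|
    if line == "  specs:"
      in_specs = true
    elsif line.empty? || line.match?(/\A\S/)
      in_specs = false # a blank line or a new top-level section ends the block
    elsif in_specs && (m = line.match(/\A    (\S+) \((.+)\)\z/))
      current = m[1]
      specs[current] = { version: m[2], deps: [] }
    elsif in_specs && current && (m = line.match(/\A      (\S+)/))
      specs[current][:deps] << m[1]
    end
  end
  specs
end

# Returns nil when the gem is not locked, else its version and the top-of-chain gems that pull it in.
def audit(lock_text, gem_name = AFFECTED_GEM)
  specs = parse_specs(lock_text)
  return nil unless specs.key?(gem_name)
  roots, queue, seen = [], [gem_name], {}
  until queue.empty?
    name = queue.shift
    next if seen[name]
    seen[name] = true
    parents = specs.select { |_, s| s[:deps].include?(name) }.keys
    parents.empty? ? roots << name : queue.concat(parents)
  end
  { advisory: ADVISORY, gem: gem_name, version: specs[gem_name][:version], pulled_in_by: roots.sort }
end

p audit(SAMPLE_LOCK)
```

When kajam is a direct dependency, `pulled_in_by` contains kajam itself; otherwise it names the gems to remove or replace so that kajam leaves the lockfile.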