Sha256: 9c49045c49eaf3d785cf3fefef438f20c289240bd88b4792bd6f50a22864607a

Contents?: true

Size: 496 Bytes

Versions: 5

Compression:

Stored size: 496 Bytes

Contents

---
gem: echor
cve: 2014-1834
osvdb: 102129
url: http://osvdb.org/show/osvdb/102129
title: echor Gem for Ruby backplane.rb perform_request Function Arbitrary Command Execution
date: 2014-01-14
description: |
  Echor Gem for Ruby contains a flaw in backplane.rb in the perform_request
  function that is triggered when a semi-colon (;) is injected into a username
  or password. This may allow a context-dependent attacker to inject arbitrary
  commands if the gem is used in a rails application.

Version data entries

5 entries across 5 versions & 2 rubygems

Version Path
bundler-budit-0.6.2 data/ruby-advisory-db/gems/echor/OSVDB-102129.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/echor/OSVDB-102129.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/echor/OSVDB-102129.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/echor/OSVDB-102129.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/echor/OSVDB-102129.yml