---
gem: echor
cve: 2014-1834
osvdb: 102129
url: https://nvd.nist.gov/vuln/detail/CVE-2014-1834
title: echor Gem for Ruby backplane.rb perform_request Function Arbitrary Command Execution
date: 2014-01-14
description: |
  Echor Gem for Ruby contains a flaw in backplane.rb in the perform_request
  function that is triggered when a semi-colon (;) is injected into a username
  or password. This may allow a context-dependent attacker to inject arbitrary
  commands if the gem is used in a rails application.