echor Gem for Ruby backplane.rb perform_request Function Arbitrary Command Execution

Metadata

unknown
unknown
echor
CVE-2014-1834
osvdb.org
2014-01-14
2017-04-01 19:10
2017-01-05 20:15

Description

Echor Gem for Ruby contains a flaw in backplane.rb in the perform_request
function that is triggered when a semi-colon (;) is injected into a username
or password. This may allow a context-dependent attacker to inject arbitrary
commands if the gem is used in a Rails application.
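
The class of flaw described above, as an added example that is not echor's code: the page does not show backplane.rb, so this assumes the credentials are interpolated into a shell command line, with `echo` standing in for the real external command. The function names and the sample input are constructed for illustration.

```ruby
require "open3"
require "shellwords"

# Constructed sample input: a password containing a semicolon.
SAMPLE_USER = "alice"
SAMPLE_PASS = "pw; echo INJECTED"

# Vulnerable pattern (assumed, not taken from echor): the credentials are
# interpolated into one string that /bin/sh parses, so the semicolon ends the
# intended command and the remainder runs as a second command.
def unsafe_request(user, password)
  `echo #{user}:#{password}`
end

# Hardened form: pass the program and each argument separately. With more
# than one argument Open3 executes the program directly, no shell is
# involved, and the semicolon stays ordinary data inside a single argument.
def safe_request(user, password)
  out, status = Open3.capture2("echo", "#{user}:#{password}")
  raise "command failed" unless status.success?
  out
end

# Fallback when a shell string cannot be avoided: escape every interpolated
# value so the shell treats it as one literal word.
def escaped_request(user, password)
  `echo #{Shellwords.escape("#{user}:#{password}")}`
end

if __FILE__ == $PROGRAM_NAME
  puts "unsafe:  #{unsafe_request(SAMPLE_USER, SAMPLE_PASS).inspect}"
  puts "safe:    #{safe_request(SAMPLE_USER, SAMPLE_PASS).inspect}"
  puts "escaped: #{escaped_request(SAMPLE_USER, SAMPLE_PASS).inspect}"
end
```

When auditing a gem for this pattern, look for backticks, `system`, `exec`, `%x` or `IO.popen` called with a single interpolated string; the multi-argument forms avoid the shell.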

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unreleased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continuously monitors your installed packages and tells you if any of them are vulnerable.


Affected package information

Package    Patched in    Unaffected in
echor      None          None