OSVDB-108900: dbuser Variable Shell Metacharacter Injection Remote Command Execution

July 9, 2014

This package contains a flaw that is triggered as input passed via the ‘dbuser’ variable is not properly sanitized. This may allow a remote attacker to inject shell metacharacters and execute arbitrary commands.

References

github.com/rubysec/ruby-advisory-db/blob/master/gems/brbackup/OSVDB-108900.yml

Detect and mitigate OSVDB-108900 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →