CVE-2014-1834: Arbitrary Command Execution
The echor Gem for Ruby contains a flaw in backplane.rb in the perform_request function that is triggered when a semi-colon (;) is injected into a username or password. This may allow a context-dependent attacker to inject arbitrary commands if the gem is used in a RoR application.
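The class of flaw described above, as an added example that is not the echor gem's own code: a constructed helper that interpolates credentials into a shell string, next to an argv-array form and an escaped form that keep the semi-colon as data. `echo` stands in for the external client so the example runs offline; all function names and sample values are hypothetical.

```ruby
require "open3"
require "shellwords"

# `echo` stands in for the external client the gem would run, so the
# example works offline. All names and values here are constructed.
CLIENT = "echo"

# Vulnerable pattern: credentials are interpolated into a single string,
# which Ruby hands to /bin/sh when it contains shell metacharacters.
def request_shell_string(user, password, url)
  out, _status = Open3.capture2("#{CLIENT} auth=#{user}:#{password} url=#{url}")
  out
end

# Hardened: each argument is its own argv element, so no shell parses it.
def request_argv(user, password, url)
  out, _status = Open3.capture2(CLIENT, "auth=#{user}:#{password}", "url=#{url}")
  out
end

# Fallback when a shell string cannot be avoided: quote every value.
def request_escaped(user, password, url)
  cred = Shellwords.escape("#{user}:#{password}")
  out, _status = Open3.capture2("#{CLIENT} auth=#{cred} url=#{Shellwords.escape(url)}")
  out
end

if __FILE__ == $PROGRAM_NAME
  url  = "https://backplane.example.invalid/v1/bus"   # constructed
  user = "alice; echo SECOND-COMMAND-RAN"              # constructed input
  { "shell string" => :request_shell_string,
    "argv array"   => :request_argv,
    "escaped"      => :request_escaped }.each do |label, fn|
    lines = send(fn, user, "s3cret", url).lines
    puts "#{label}: #{lines.length} command(s) produced output"
    lines.each { |l| puts "  #{l}" }
  end
end
```

The shell-string form produces two lines of output because the shell runs two commands; the other two forms produce one line containing the semi-colon verbatim.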