Command injection vulnerability
The script /test/tc_database.rb exposes MySQL password information in plaintext in the process table. If this Gem is used in the context of a RoR application a remote attacker might be able to inject commands via the #{user} and #{password} variables as they are not sanitized before being passed to the shell.