Title: Vulnerability Report for Ruby Gem kajam-1.0.3.rc2
Author: Larry W. Cashdollar, @_larry0
Date: 06/01/2014
Download: http://rubygems.org/gems/kajam
Gem Author: scienceblock@gmail.com
From: ./kajam-1.0.3.rc2/vendor/plugins/dataset/lib/dataset/database/postgresql.rb
Lines 18 and 24 expose the mysql user password to the process table via #{@password}. If this Gem is used in the context of a rails application it maybe possible to inject commands via user supplied input as these variables are not sanitized before being passed to the shell.
015-
16- def capture(datasets)
17- return if datasets.nil? || datasets.empty?
18: `pg_dump -c #{@database} > #{storage_path(datasets)}`
19- end
20-
21- def restore(datasets)
22- store = storage_path(datasets)
23- if File.file?(store)
24: `psql -U #{@username} -p #{@password} -e #{@database} < #{store}`
25- true
26- end
27- end