See on RubyGems

echor 0.1.6

2 security vulnerabilities found in version 0.1.6

echor Gem for Ruby Process Listing Local Plaintext Credential Disclosure

high severity CVE-2014-1835
high severity CVE-2014-1835

echor Gem for Ruby contains a flaw that is due to the program exposing credential information in the system process listing. This may allow a local attacker to gain access to plaintext credential information.

echor Gem for Ruby backplane.rb perform_request Function Arbitrary Command Execution

high severity CVE-2014-1834
high severity CVE-2014-1834

Echor Gem for Ruby contains a flaw in backplane.rb in the perform_request function that is triggered when a semi-colon (;) is injected into a username or password. This may allow a context-dependent attacker to inject arbitrary commands if the gem is used in a rails application.

No officially reported memory leakage issues detected.

This gem version does not have any officially reported memory leaked issues.

Author did not declare license for this gem in the gemspec.

This gem version has a MIT license in the source code, however it was not declared in the gemspec file.

This gem version is available.

This gem version has not been yanked and is still available for usage.