Title: Vulnerability Report for Ruby Gem lean-ruport-0.3.8

Author: Larry W. Cashdollar, @_larry0

Date: 06/01/2014

OSVDB: 108581

CVE:Please Assign

Download: http://rubygems.org/gems/lean-ruport

Gem Author: james[at]yob.id.au

Author Contacted:6/25/2014

From: ./lean-ruport-0.3.8/test/tc_database.rb

Line 21 exposes the mysql password to the process table, if this Gem is used in the context of a rails application it might be possible to inject commands via the #{ user } and #{ password } variables if those are supplied by the user as they are not sanitized before being passed to the shell.

018-            tmp_sql = /tmp/compare.sql
19-             md_command =
20-                     "mysqldump -u{ user } -p{ password } --databases stonecodeblog"
21:             `#{ md_command } > #{ tmp_sql }`
22:             diff = `diff #{ orig_sql } #{ tmp_sql }`
23-             assert( diff == , diff[0..500] ) 
24-     end

25-end

Advisory: http://www.vapid.dhs.org/advisories/lean-ruport-0.3.8.html