CVE-2014-4991: Command injection vulnerability

January 10, 2018 (updated January 30, 2018)

It exposes the password to the process table, and is vulnerable to command injection if used in the context of a RoR application. The #{@username} and #{@password} variables aren’t properly sanitized before being passed to the command line.

References

www.vapid.dhs.org/advisories/codders-dataset-1.3.2.1.html

Code Behaviors & Features

Detect and mitigate CVE-2014-4991 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →