From: ./kajam-1.0.3.rc2/vendor/plugins/dataset/lib/dataset/database/mysql.rb Lines 18 and 24 expose the mysql user password to the process table via #{@password}. If this Gem is used in the context of a rails application it maybe possible to inject commands via user supplied input as these variables are not sanitized before being passed to the shell. 015- 16- def capture(datasets) 17- return if datasets.nil? || datasets.empty? 18: `mysqldump -u {@username} --password={@password} --compact --extended-insert --no-create-db --add-drop-table --quick --quote-names #{@database} > #{storage_path(datasets)}` 19- end 20- 21- def restore(datasets) 22- store = storage_path(datasets) 23- if File.file?(store) 24: `mysql -u {@username} --password={@password} --database=#{@database} < #{store}` 25- true 26- end 27- end From: ./kajam-1.0.3.rc2/vendor/plugins/dataset/lib/dataset/database/postgresql.rb Lines 18 and 24 expose the postqresql user password to the process table via #{@password}. If this Gem is used in the context of a rails application it maybe possible to inject commands via user supplied input as these variables are not sanitized before being passed to the shell. 015- 16- def capture(datasets) 17- return if datasets.nil? || datasets.empty? 18: `pg_dump -c #{@database} > #{storage_path(datasets)}` 19- end 20- 21- def restore(datasets) 22- store = storage_path(datasets) 23- if File.file?(store) 24: `psql -U #{@username} -p #{@password} -e #{@database} < #{store}` 25- true 26- end 27- end