Title:Vulnerability Report for Ruby Gem kcapifony-2.1.6./kcapifony-2.1.6/lib/ksymfony1.rb Lines 482, 484, 522 and 524 expose the password to the process table via the #{config['pass']} variable. If this Gem is used in the context of a rails application it maybe possible to inject commands remotely by supplying special shell meta characters like ; and & via #{config['user']} and #{config['pass']}. 0479- FileUtils::mkdir_p("backups") 480- case config[type] 481- when mysql 482: `mysqldump -u{config[user]} --password=\"{config[pass]}\" #{config[db]} > #{tmpfile}` 483- when pgsql 484: `pg_dump -U {config[user]} --password=\"{config[pass]}\" #{config[db]} > #{tmpfile}` 485- end 486- File.open(tmpfile, "r+") do |f| -- 519- 520- case config[type] 521- when mysql 522: `mysql -u{config[user]} --password=\"{config[pass]}\" {config[db]} < backups/{sqlfile}` 523- when pgsql 524: `psql -U {config[user]} --password=\"{config[pass]}\" {config[db]} < backups/{sqlfile}` 525- end 526- FileUtils.rm("backups/#{sqlfile}") 527- end