CVE-2014-1835: Echor Ruby Gem credentials can be stolen via process table monitoring
CVSS Score: 7.8 (CVSS 3.0)
Basic Information
CVE ID
GHSA ID
EPSS Score: 0.14628%
CWE: -
Published: 5/14/2022
Updated: 6/30/2023
KEV Status: No
Technology: Ruby
Technical Details
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
echor | rubygems | <= 0.1.6 | |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability description explicitly names `perform_request` in `/lib/echor/backplane.rb` as the source. Credential exposure via process table monitoring typically occurs when sensitive data is passed as command-line arguments (visible in `ps`/`top`). The CWE-255 mapping (Credentials Management Errors) and advisory details about `curl -u {user}:{password}` usage confirm this pattern. Multiple authoritative sources (NVD, GitHub Advisory, RubySec DB) consistently reference this function without ambiguity.
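
The pattern described above next to an in-process alternative, as an added example (not echor's code and not a patch from the project). All method names, the URL and the credentials are hypothetical, constructed values; the first method only builds the argument list and never runs curl.

```ruby
require 'net/http'
require 'uri'

# Vulnerable pattern described by the advisory: the secret is interpolated
# into the argument list of a child process, where any local user who can
# list processes can read it. This only builds the argv; it does not run curl.
def insecure_curl_argv(url, user, password)
  ['curl', '-s', '-u', "#{user}:#{password}", url]
end

# Hardened alternative: build the request in-process. The credentials end up
# in an Authorization header inside this process's memory and on the TLS
# connection, never in a command line.
def build_authenticated_request(url, user, password)
  request = Net::HTTP::Get.new(URI.parse(url))
  request.basic_auth(user, password)
  request
end

# Sending is kept separate so the request can be inspected offline.
def send_request(request)
  uri = request.uri
  Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https') do |http|
    http.request(request)
  end
end

# Review/test helper: true if any argument of a planned child process
# contains the secret, either raw or in its Basic-auth base64 form.
def argv_exposes_secret?(argv, user, password)
  encoded = ["#{user}:#{password}"].pack('m0')
  argv.any? { |arg| arg.include?(password) || arg.include?(encoded) }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values, not taken from the advisory.
  url = 'https://backplane.example/v1/bus/demo'
  user = 'demo_bus'
  password = 'constructed-secret'
  puts argv_exposes_secret?(insecure_curl_argv(url, user, password), user, password)
  puts build_authenticated_request(url, user, password)['authorization'].start_with?('Basic ')
end
```

A helper like `argv_exposes_secret?` can be used in a unit test around any code path that spawns child processes, so a regression that moves a secret back onto a command line fails the build.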