RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.
[
{
"product": "ruby-passenger",
"vendor": "ruby-passenger",
"versions": [
{
"status": "affected",
"version": "4.0.53-1"
}
]
}
]