Passenger@5.3.0 Security Vulnerabilities and Issues — Passenger@5.3.0 CVE List

Lucene search

PhusionPassenger5.3.0

3 matches found

CVE•added 2018/06/17 8:29 p.m.•70 views

CVE-2018-12028

An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates an ...

7.8CVSS7.5AI score0.00175EPSS

CVE•added 2018/06/17 8:29 p.m.•62 views

CVE-2018-12026

During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in tu...

9.8CVSS8.9AI score0.01183EPSS

CVE•added 2018/06/17 8:29 p.m.•58 views

CVE-2018-12027

An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said...

8.8CVSS8.1AI score0.00289EPSS