Passenger Security Vulnerabilities and Issues — Passenger CVE List

Lucene search

PhusionPassenger

3 matches found

CVE•added 2017/12/14 10:29 p.m.•95 views

CVE-2017-16355

In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root ...

4.7CVSS4.8AI score0.00136EPSS

CVE•added 2014/01/03 6:54 p.m.•74 views

CVE-2013-2119

Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem.

4.6CVSS6.3AI score0.00057EPSS

CVE•added 2013/09/30 9:55 p.m.•61 views

CVE-2013-4136

ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/.

4.4CVSS6.7AI score0.00057EPSS