Passenger Security Vulnerabilities and Issues — Passenger CVE List

Lucene search

PhusionPassenger

5 matches found

CVE•added 2018/06/17 8:29 p.m.•78 views

CVE-2018-12029

A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befo...

7CVSS5.5AI score0.00099EPSS

CVE•added 2018/06/17 8:29 p.m.•69 views

CVE-2018-12028

An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates an ...

7.8CVSS7.5AI score0.00175EPSS

CVE•added 2019/11/19 5:15 p.m.•64 views

CVE-2012-6135

RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.

7.5CVSS7.5AI score0.01273EPSS

CVE•added 2017/04/18 8:59 p.m.•64 views

CVE-2016-10345

In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user.

7.8CVSS7.5AI score0.00064EPSS

CVE•added 2025/02/24 4:15 p.m.•58 views

CVE-2025-26803

The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method.

7.5CVSS6.9AI score0.00531EPSS