Look up vulnerable packages by Package URL.

Purl pkg:deb/debian/passenger@0?distro=trixie
Type deb
Namespace debian
Name passenger
Version 0
Qualifiers
distro trixie
Subpath
Is_vulnerable false
Next_non_vulnerable_version 3.0.13debian-1.2
Latest_non_vulnerable_version 6.1.1+ds-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-32zq-s261-57fa
vulnerability_id VCID-32zq-s261-57fa
summary
Phusion Passenger denial of service
The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-26803
reference_id
reference_type
scores
0
value 0.00195
scoring_system epss
scoring_elements 0.41496
published_at 2026-04-04T12:55:00Z
1
value 0.00271
scoring_system epss
scoring_elements 0.50582
published_at 2026-04-24T12:55:00Z
2
value 0.00271
scoring_system epss
scoring_elements 0.50634
published_at 2026-04-21T12:55:00Z
3
value 0.00271
scoring_system epss
scoring_elements 0.50655
published_at 2026-04-18T12:55:00Z
4
value 0.00271
scoring_system epss
scoring_elements 0.5065
published_at 2026-04-16T12:55:00Z
5
value 0.00271
scoring_system epss
scoring_elements 0.50608
published_at 2026-04-13T12:55:00Z
6
value 0.00271
scoring_system epss
scoring_elements 0.50622
published_at 2026-04-12T12:55:00Z
7
value 0.00271
scoring_system epss
scoring_elements 0.50645
published_at 2026-04-11T12:55:00Z
8
value 0.00271
scoring_system epss
scoring_elements 0.50602
published_at 2026-04-09T12:55:00Z
9
value 0.00271
scoring_system epss
scoring_elements 0.50605
published_at 2026-04-08T12:55:00Z
10
value 0.00271
scoring_system epss
scoring_elements 0.50551
published_at 2026-04-07T12:55:00Z
11
value 0.00501
scoring_system epss
scoring_elements 0.65981
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-26803
1
reference_url https://blog.phusion.nl/2025/02/19/passenger-6-0-26
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://blog.phusion.nl/2025/02/19/passenger-6-0-26
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/advisories/GHSA-2cj2-qqxj-5m3r
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2cj2-qqxj-5m3r
4
reference_url https://github.com/phusion/passenger
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger
5
reference_url https://github.com/phusion/passenger/commit/bb15591646687064ab2d578d5f9660b2a4168017
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-24T16:59:12Z/
url https://github.com/phusion/passenger/commit/bb15591646687064ab2d578d5f9660b2a4168017
6
reference_url https://github.com/phusion/passenger/compare/release-6.0.25...release-6.0.26
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-24T16:59:12Z/
url https://github.com/phusion/passenger/compare/release-6.0.25...release-6.0.26
7
reference_url https://github.com/phusion/passenger/releases/tag/release-6.0.26
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-24T16:59:12Z/
url https://github.com/phusion/passenger/releases/tag/release-6.0.26
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2025-26803.yml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2025-26803.yml
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-26803
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-26803
10
reference_url https://www.phusionpassenger.com/support
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-24T16:59:12Z/
url https://www.phusionpassenger.com/support
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098909
reference_id 1098909
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098909
12
reference_url https://blog.phusion.nl/2025/02/19/passenger-6-0-26/
reference_id passenger-6-0-26
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-24T16:59:12Z/
url https://blog.phusion.nl/2025/02/19/passenger-6-0-26/
fixed_packages
0
url pkg:deb/debian/passenger@0?distro=trixie
purl pkg:deb/debian/passenger@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@0%3Fdistro=trixie
1
url pkg:deb/debian/passenger@5.0.30-1.2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/passenger@5.0.30-1.2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fhu6-3k8p-aub2
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@5.0.30-1.2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.17%252Bds-1%3Fdistro=trixie
3
url pkg:deb/debian/passenger@6.0.26%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.0.26%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.26%252Bds-1%3Fdistro=trixie
4
url pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
purl pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.26%252Bds-1.1%3Fdistro=trixie
5
url pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.1.1%252Bds-1%3Fdistro=trixie
aliases CVE-2025-26803, GHSA-2cj2-qqxj-5m3r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-32zq-s261-57fa
1
url VCID-a91w-ppku-ebfc
vulnerability_id VCID-a91w-ppku-ebfc
summary
Information Exposure
Given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not the application's user, then that non-application user can swap that directory with something else, resulting in traffic being redirected to a non-application user's process through an alternative Unix domain socket.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12027.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12027.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-12027
reference_id
reference_type
scores
0
value 0.00275
scoring_system epss
scoring_elements 0.50915
published_at 2026-04-24T12:55:00Z
1
value 0.00275
scoring_system epss
scoring_elements 0.50967
published_at 2026-04-21T12:55:00Z
2
value 0.00275
scoring_system epss
scoring_elements 0.50927
published_at 2026-04-04T12:55:00Z
3
value 0.00275
scoring_system epss
scoring_elements 0.50846
published_at 2026-04-01T12:55:00Z
4
value 0.00275
scoring_system epss
scoring_elements 0.50939
published_at 2026-04-09T12:55:00Z
5
value 0.00275
scoring_system epss
scoring_elements 0.50942
published_at 2026-04-08T12:55:00Z
6
value 0.00275
scoring_system epss
scoring_elements 0.50901
published_at 2026-04-02T12:55:00Z
7
value 0.00275
scoring_system epss
scoring_elements 0.50885
published_at 2026-04-07T12:55:00Z
8
value 0.00275
scoring_system epss
scoring_elements 0.50987
published_at 2026-04-18T12:55:00Z
9
value 0.00275
scoring_system epss
scoring_elements 0.50943
published_at 2026-04-13T12:55:00Z
10
value 0.00275
scoring_system epss
scoring_elements 0.5096
published_at 2026-04-12T12:55:00Z
11
value 0.00275
scoring_system epss
scoring_elements 0.50981
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-12027
2
reference_url https://blog.phusion.nl/passenger-5-3-2
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.phusion.nl/passenger-5-3-2
3
reference_url https://github.com/phusion/passenger
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12027.yml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12027.yml
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1592619
reference_id 1592619
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1592619
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-12027
reference_id CVE-2018-12027
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-12027
8
reference_url https://github.com/advisories/GHSA-whfx-877c-5p28
reference_id GHSA-whfx-877c-5p28
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-whfx-877c-5p28
9
reference_url https://security.gentoo.org/glsa/201807-02
reference_id GLSA-201807-02
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201807-02
fixed_packages
0
url pkg:deb/debian/passenger@0?distro=trixie
purl pkg:deb/debian/passenger@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@0%3Fdistro=trixie
1
url pkg:deb/debian/passenger@5.0.30-1.2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/passenger@5.0.30-1.2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fhu6-3k8p-aub2
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@5.0.30-1.2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.17%252Bds-1%3Fdistro=trixie
3
url pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
purl pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.26%252Bds-1.1%3Fdistro=trixie
4
url pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.1.1%252Bds-1%3Fdistro=trixie
aliases CVE-2018-12027, GHSA-whfx-877c-5p28
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a91w-ppku-ebfc
2
url VCID-etvv-bvc3-qyan
vulnerability_id VCID-etvv-bvc3-qyan
summary
Improper Link Resolution Before File Access
During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in turn can result in information disclosure and privilege escalation.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12026.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12026.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-12026
reference_id
reference_type
scores
0
value 0.01123
scoring_system epss
scoring_elements 0.78321
published_at 2026-04-24T12:55:00Z
1
value 0.01123
scoring_system epss
scoring_elements 0.78208
published_at 2026-04-01T12:55:00Z
2
value 0.01123
scoring_system epss
scoring_elements 0.78217
published_at 2026-04-02T12:55:00Z
3
value 0.01123
scoring_system epss
scoring_elements 0.78247
published_at 2026-04-04T12:55:00Z
4
value 0.01123
scoring_system epss
scoring_elements 0.78229
published_at 2026-04-07T12:55:00Z
5
value 0.01123
scoring_system epss
scoring_elements 0.78255
published_at 2026-04-08T12:55:00Z
6
value 0.01123
scoring_system epss
scoring_elements 0.78261
published_at 2026-04-09T12:55:00Z
7
value 0.01123
scoring_system epss
scoring_elements 0.78286
published_at 2026-04-11T12:55:00Z
8
value 0.01123
scoring_system epss
scoring_elements 0.78269
published_at 2026-04-12T12:55:00Z
9
value 0.01123
scoring_system epss
scoring_elements 0.78264
published_at 2026-04-13T12:55:00Z
10
value 0.01123
scoring_system epss
scoring_elements 0.78295
published_at 2026-04-16T12:55:00Z
11
value 0.01123
scoring_system epss
scoring_elements 0.78293
published_at 2026-04-18T12:55:00Z
12
value 0.01123
scoring_system epss
scoring_elements 0.78289
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-12026
2
reference_url https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes
3
reference_url https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
url https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
4
reference_url https://blog.phusion.nl/passenger-5-3-2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://blog.phusion.nl/passenger-5-3-2
5
reference_url https://github.com/phusion/passenger
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger
6
reference_url https://github.com/phusion/passenger/commit/fd3717a3cd357aa0e80e1e81d4dc94a1eaf928f1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger/commit/fd3717a3cd357aa0e80e1e81d4dc94a1eaf928f1
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12026.yml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12026.yml
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1592616
reference_id 1592616
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1592616
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-12026
reference_id CVE-2018-12026
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-12026
11
reference_url https://github.com/advisories/GHSA-7cv3-gvmc-8mq5
reference_id GHSA-7cv3-gvmc-8mq5
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7cv3-gvmc-8mq5
12
reference_url https://security.gentoo.org/glsa/201807-02
reference_id GLSA-201807-02
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201807-02
fixed_packages
0
url pkg:deb/debian/passenger@0?distro=trixie
purl pkg:deb/debian/passenger@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@0%3Fdistro=trixie
1
url pkg:deb/debian/passenger@5.0.30-1.2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/passenger@5.0.30-1.2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fhu6-3k8p-aub2
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@5.0.30-1.2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.17%252Bds-1%3Fdistro=trixie
3
url pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
purl pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.26%252Bds-1.1%3Fdistro=trixie
4
url pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.1.1%252Bds-1%3Fdistro=trixie
aliases CVE-2018-12026, GHSA-7cv3-gvmc-8mq5
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-etvv-bvc3-qyan
3
url VCID-nxqg-9ste-cycv
vulnerability_id VCID-nxqg-9ste-cycv
summary
Server Instance Directory Creation Local Symlink File Overwrite
This package contains a flaw as the program creates the server instance directory insecurely. It is possible for a local attacker to use a symlink attack against the directory to cause the program to unexpectedly overwrite an arbitrary file.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html
1
reference_url http://openwall.com/lists/oss-security/2014/01/29/6
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/01/29/6
2
reference_url http://openwall.com/lists/oss-security/2014/01/30/3
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/01/30/3
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1832.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1832.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-1832
reference_id
reference_type
scores
0
value 0.00067
scoring_system epss
scoring_elements 0.20547
published_at 2026-04-24T12:55:00Z
1
value 0.00067
scoring_system epss
scoring_elements 0.20702
published_at 2026-04-08T12:55:00Z
2
value 0.00067
scoring_system epss
scoring_elements 0.20763
published_at 2026-04-09T12:55:00Z
3
value 0.00067
scoring_system epss
scoring_elements 0.20781
published_at 2026-04-11T12:55:00Z
4
value 0.00067
scoring_system epss
scoring_elements 0.20738
published_at 2026-04-12T12:55:00Z
5
value 0.00067
scoring_system epss
scoring_elements 0.20686
published_at 2026-04-13T12:55:00Z
6
value 0.00067
scoring_system epss
scoring_elements 0.20672
published_at 2026-04-16T12:55:00Z
7
value 0.00067
scoring_system epss
scoring_elements 0.20668
published_at 2026-04-18T12:55:00Z
8
value 0.00067
scoring_system epss
scoring_elements 0.20659
published_at 2026-04-21T12:55:00Z
9
value 0.00067
scoring_system epss
scoring_elements 0.20711
published_at 2026-04-01T12:55:00Z
10
value 0.00067
scoring_system epss
scoring_elements 0.20854
published_at 2026-04-02T12:55:00Z
11
value 0.00067
scoring_system epss
scoring_elements 0.20912
published_at 2026-04-04T12:55:00Z
12
value 0.00067
scoring_system epss
scoring_elements 0.20626
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-1832
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1058992
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1058992
7
reference_url https://github.com/advisories/GHSA-qw8w-2xcp-xg59
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-qw8w-2xcp-xg59
8
reference_url https://github.com/phusion/passenger
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger
9
reference_url https://github.com/phusion/passenger/commit/34b1087870c2bf85ebfd72c30b78577e10ab9744
reference_id
reference_type
scores
url https://github.com/phusion/passenger/commit/34b1087870c2bf85ebfd72c30b78577e10ab9744
10
reference_url https://github.com/phusion/passenger/commit/94428057c602da3d6d34ef75c78091066ecac5c0
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger/commit/94428057c602da3d6d34ef75c78091066ecac5c0
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2014-1832.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2014-1832.yml
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-1832
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-1832
fixed_packages
0
url pkg:deb/debian/passenger@0?distro=trixie
purl pkg:deb/debian/passenger@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@0%3Fdistro=trixie
1
url pkg:deb/debian/passenger@5.0.30-1.2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/passenger@5.0.30-1.2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fhu6-3k8p-aub2
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@5.0.30-1.2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.17%252Bds-1%3Fdistro=trixie
3
url pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
purl pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.26%252Bds-1.1%3Fdistro=trixie
4
url pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.1.1%252Bds-1%3Fdistro=trixie
aliases CVE-2014-1832, GHSA-qw8w-2xcp-xg59, OSV-102613
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nxqg-9ste-cycv
4
url VCID-tekr-xkck-pkfu
vulnerability_id VCID-tekr-xkck-pkfu
summary
Multiple vulnerabilities in Asterisk might allow remote attackers to cause a Denial of Service condition, or conduct other attacks.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-7220.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-7220.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2008-7220
reference_id
reference_type
scores
0
value 0.10024
scoring_system epss
scoring_elements 0.93033
published_at 2026-04-01T12:55:00Z
1
value 0.10024
scoring_system epss
scoring_elements 0.93041
published_at 2026-04-02T12:55:00Z
2
value 0.10024
scoring_system epss
scoring_elements 0.93045
published_at 2026-04-07T12:55:00Z
3
value 0.10024
scoring_system epss
scoring_elements 0.93053
published_at 2026-04-08T12:55:00Z
4
value 0.10024
scoring_system epss
scoring_elements 0.93058
published_at 2026-04-09T12:55:00Z
5
value 0.10024
scoring_system epss
scoring_elements 0.93063
published_at 2026-04-11T12:55:00Z
6
value 0.10024
scoring_system epss
scoring_elements 0.9306
published_at 2026-04-12T12:55:00Z
7
value 0.10024
scoring_system epss
scoring_elements 0.93062
published_at 2026-04-13T12:55:00Z
8
value 0.10024
scoring_system epss
scoring_elements 0.93073
published_at 2026-04-16T12:55:00Z
9
value 0.10024
scoring_system epss
scoring_elements 0.93076
published_at 2026-04-18T12:55:00Z
10
value 0.10024
scoring_system epss
scoring_elements 0.93082
published_at 2026-04-21T12:55:00Z
11
value 0.10024
scoring_system epss
scoring_elements 0.93088
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2008-7220
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7220
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7220
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=523277
reference_id 523277
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=523277
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555220
reference_id 555220
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555220
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555221
reference_id 555221
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555221
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555242
reference_id 555242
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555242
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555244
reference_id 555244
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555244
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555250
reference_id 555250
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555250
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555255
reference_id 555255
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555255
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555259
reference_id 555259
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555259
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555266
reference_id 555266
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555266
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558977
reference_id 558977
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558977
13
reference_url https://security.gentoo.org/glsa/201006-20
reference_id GLSA-201006-20
reference_type
scores
url https://security.gentoo.org/glsa/201006-20
fixed_packages
0
url pkg:deb/debian/passenger@0?distro=trixie
purl pkg:deb/debian/passenger@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@0%3Fdistro=trixie
1
url pkg:deb/debian/passenger@5.0.30-1.2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/passenger@5.0.30-1.2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fhu6-3k8p-aub2
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@5.0.30-1.2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.17%252Bds-1%3Fdistro=trixie
3
url pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
purl pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.26%252Bds-1.1%3Fdistro=trixie
4
url pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.1.1%252Bds-1%3Fdistro=trixie
aliases CVE-2008-7220
risk_score 0.1
exploitability 0.5
weighted_severity 0.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tekr-xkck-pkfu
5
url VCID-xn3j-fysa-ybga
vulnerability_id VCID-xn3j-fysa-ybga
summary
Incorrect Permission Assignment for Critical Resource
An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates an error, it would cause Passenger's process manager to kill said reported arbitrary PID.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12028.json
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12028.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-12028
reference_id
reference_type
scores
0
value 0.00175
scoring_system epss
scoring_elements 0.3878
published_at 2026-04-24T12:55:00Z
1
value 0.00175
scoring_system epss
scoring_elements 0.38897
published_at 2026-04-01T12:55:00Z
2
value 0.00175
scoring_system epss
scoring_elements 0.39085
published_at 2026-04-02T12:55:00Z
3
value 0.00175
scoring_system epss
scoring_elements 0.39105
published_at 2026-04-16T12:55:00Z
4
value 0.00175
scoring_system epss
scoring_elements 0.39023
published_at 2026-04-07T12:55:00Z
5
value 0.00175
scoring_system epss
scoring_elements 0.39079
published_at 2026-04-08T12:55:00Z
6
value 0.00175
scoring_system epss
scoring_elements 0.39094
published_at 2026-04-09T12:55:00Z
7
value 0.00175
scoring_system epss
scoring_elements 0.39106
published_at 2026-04-11T12:55:00Z
8
value 0.00175
scoring_system epss
scoring_elements 0.39069
published_at 2026-04-12T12:55:00Z
9
value 0.00175
scoring_system epss
scoring_elements 0.39049
published_at 2026-04-13T12:55:00Z
10
value 0.00175
scoring_system epss
scoring_elements 0.39075
published_at 2026-04-18T12:55:00Z
11
value 0.00175
scoring_system epss
scoring_elements 0.38988
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-12028
2
reference_url https://blog.phusion.nl/passenger-5-3-2
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements
1
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.phusion.nl/passenger-5-3-2
3
reference_url https://github.com/phusion/passenger
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger
4
reference_url https://github.com/phusion/passenger/commit/1e7c82deb4901c438f583737d8c9f2aac264737c
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger/commit/1e7c82deb4901c438f583737d8c9f2aac264737c
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12028.yml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12028.yml
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1592621
reference_id 1592621
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1592621
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-12028
reference_id CVE-2018-12028
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
1
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-12028
9
reference_url https://github.com/advisories/GHSA-jjhj-8gx7-x836
reference_id GHSA-jjhj-8gx7-x836
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jjhj-8gx7-x836
10
reference_url https://security.gentoo.org/glsa/201807-02
reference_id GLSA-201807-02
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201807-02
fixed_packages
0
url pkg:deb/debian/passenger@0?distro=trixie
purl pkg:deb/debian/passenger@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@0%3Fdistro=trixie
1
url pkg:deb/debian/passenger@5.0.30-1.2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/passenger@5.0.30-1.2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fhu6-3k8p-aub2
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@5.0.30-1.2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.17%252Bds-1%3Fdistro=trixie
3
url pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
purl pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.26%252Bds-1.1%3Fdistro=trixie
4
url pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.1.1%252Bds-1%3Fdistro=trixie
aliases CVE-2018-12028, GHSA-jjhj-8gx7-x836
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xn3j-fysa-ybga
6
url VCID-z5g4-xxf6-vbbh
vulnerability_id VCID-z5g4-xxf6-vbbh
summary
Incorrect Permission Assignment for Critical Resource
An issue was discovered in Phusion Passenger. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12615.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12615.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-12615
reference_id
reference_type
scores
0
value 0.00198
scoring_system epss
scoring_elements 0.4176
published_at 2026-04-24T12:55:00Z
1
value 0.00198
scoring_system epss
scoring_elements 0.41825
published_at 2026-04-01T12:55:00Z
2
value 0.00198
scoring_system epss
scoring_elements 0.4189
published_at 2026-04-02T12:55:00Z
3
value 0.00198
scoring_system epss
scoring_elements 0.41918
published_at 2026-04-04T12:55:00Z
4
value 0.00198
scoring_system epss
scoring_elements 0.41846
published_at 2026-04-07T12:55:00Z
5
value 0.00198
scoring_system epss
scoring_elements 0.41895
published_at 2026-04-08T12:55:00Z
6
value 0.00198
scoring_system epss
scoring_elements 0.41906
published_at 2026-04-09T12:55:00Z
7
value 0.00198
scoring_system epss
scoring_elements 0.4193
published_at 2026-04-11T12:55:00Z
8
value 0.00198
scoring_system epss
scoring_elements 0.41894
published_at 2026-04-12T12:55:00Z
9
value 0.00198
scoring_system epss
scoring_elements 0.41882
published_at 2026-04-13T12:55:00Z
10
value 0.00198
scoring_system epss
scoring_elements 0.41932
published_at 2026-04-16T12:55:00Z
11
value 0.00198
scoring_system epss
scoring_elements 0.41905
published_at 2026-04-18T12:55:00Z
12
value 0.00198
scoring_system epss
scoring_elements 0.41833
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-12615
2
reference_url https://github.com/phusion/passenger
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger
3
reference_url https://github.com/phusion/passenger/commit/4e97fdb86d0a0141ec9a052c6e691fcd07bb45c8
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger/commit/4e97fdb86d0a0141ec9a052c6e691fcd07bb45c8
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12615.yml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12615.yml
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1594361
reference_id 1594361
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1594361
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-12615
reference_id CVE-2018-12615
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-12615
8
reference_url https://github.com/advisories/GHSA-4284-jfhc-f854
reference_id GHSA-4284-jfhc-f854
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4284-jfhc-f854
fixed_packages
0
url pkg:deb/debian/passenger@0?distro=trixie
purl pkg:deb/debian/passenger@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@0%3Fdistro=trixie
1
url pkg:deb/debian/passenger@5.0.30-1.2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/passenger@5.0.30-1.2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fhu6-3k8p-aub2
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@5.0.30-1.2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.17%252Bds-1%3Fdistro=trixie
3
url pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
purl pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.26%252Bds-1.1%3Fdistro=trixie
4
url pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.1.1%252Bds-1%3Fdistro=trixie
aliases CVE-2018-12615, GHSA-4284-jfhc-f854
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z5g4-xxf6-vbbh
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@0%3Fdistro=trixie