VulnerableCode Package Details - pkg:gem/passenger@3.1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:gem/passenger@3.1

Essentials
History (1)

purl	pkg:gem/passenger@3.1
Tags	Ghost

Next non-vulnerable version	5.3.2
Latest non-vulnerable version	6.0.26
Risk	3.1

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-kxtc-uenz-eycy Aliases: CVE-2013-2119 GHSA-9qj7-jvg4-qr2x OSV-93752	Incorrect temporary file usage The passenger ruby gem, when used in standalone mode, does not use temporary files securely. If a local attacker were able to create a temporary directory that passenger uses and supply a custom nginx configuration file they could start a nginx instance with their own configuration file.	4.0.5 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T15:18:16.893007+00:00	Ruby Importer	Affected by	VCID-kxtc-uenz-eycy	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2013-2119.yml	38.0.0