Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/passenger@4.0.0
purl pkg:gem/passenger@4.0.0
Tags Ghost
Next non-vulnerable version 5.3.2
Latest non-vulnerable version 6.0.26
Risk 4.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-fatt-t3ga-rfcw
Aliases:
CVE-2012-6135
GHSA-8mw8-j583-vqfg
OSV-90738
RubyGems passenger gem allows remote attackers to delete files RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process. Affects both open source and Enterprise versions (4.0.0.beta1, 4.0.0.beta2).
4.0.1
Affected by 8 other vulnerabilities.
VCID-kxtc-uenz-eycy
Aliases:
CVE-2013-2119
GHSA-9qj7-jvg4-qr2x
OSV-93752
Incorrect temporary file usage The passenger ruby gem, when used in standalone mode, does not use temporary files securely. If a local attacker were able to create a temporary directory that passenger uses and supply a custom nginx configuration file they could start a nginx instance with their own configuration file.
4.0.5
Affected by 7 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-02T12:36:11.403385+00:00 GitLab Importer Affected by VCID-fatt-t3ga-rfcw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/passenger/CVE-2012-6135.yml 38.0.0
2026-04-01T12:46:51.272384+00:00 GitLab Importer Affected by VCID-kxtc-uenz-eycy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/passenger/CVE-2013-2119.yml 38.0.0