Search for packages
| purl | pkg:gem/passenger@5.0.25 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-e99s-zs31-c3cn
Aliases: CVE-2018-12029 GHSA-jjcj-fgfm-9g9r |
Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition) A race condition in the nginx module in Phusion Passenger allows local escalation of privileges when a non-standard `passenger_instance_registry_dir` with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root's crontab file allows privilege escalation. |
Affected by 0 other vulnerabilities. |
|
VCID-fhu6-3k8p-aub2
Aliases: CVE-2016-10345 GHSA-cqxw-3p7v-p9gr |
Predictable tmp File Path Vulnerability A known /tmp filename is used during passenger-install-nginx-module execution, which can allow local attackers to gain the privileges of the passenger user. |
Affected by 3 other vulnerabilities. |
|
VCID-z5g4-xxf6-vbbh
Aliases: CVE-2018-12615 GHSA-4284-jfhc-f854 |
Incorrect Permission Assignment for Critical Resource An issue was discovered in Phusion Passenger. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges. |
Affected by 0 other vulnerabilities. |
|
VCID-zwgu-5146-t7h5
Aliases: CVE-2017-16355 GHSA-cv3f-px9r-54hm |
Information Exposure If Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying `passenger-status --show=xml`. |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||