VulnerableCode Package Details - pkg:gem/passenger@5.2.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-e99s-zs31-c3cn Aliases: CVE-2018-12029 GHSA-jjcj-fgfm-9g9r	Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition) A race condition in the nginx module in Phusion Passenger allows local escalation of privileges when a non-standard `passenger_instance_registry_dir` with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root's crontab file allows privilege escalation.	5.3.2 Affected by 0 other vulnerabilities.
VCID-z5g4-xxf6-vbbh Aliases: CVE-2018-12615 GHSA-4284-jfhc-f854	Incorrect Permission Assignment for Critical Resource An issue was discovered in Phusion Passenger. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges.	5.3.2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-e99s-zs31-c3cn
Aliases:
CVE-2018-12029
GHSA-jjcj-fgfm-9g9r

Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition) A race condition in the nginx module in Phusion Passenger allows local escalation of privileges when a non-standard `passenger_instance_registry_dir` with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root's crontab file allows privilege escalation.

5.3.2
Affected by 0 other vulnerabilities.

VCID-z5g4-xxf6-vbbh
Aliases:
CVE-2018-12615
GHSA-4284-jfhc-f854

Incorrect Permission Assignment for Critical Resource An issue was discovered in Phusion Passenger. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges.

5.3.2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T20:45:37.510947+00:00	GitLab Importer	Affected by	VCID-z5g4-xxf6-vbbh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/passenger/CVE-2018-12615.yml	38.4.0
2026-04-16T20:45:35.189877+00:00	GitLab Importer	Affected by	VCID-e99s-zs31-c3cn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/passenger/CVE-2018-12029.yml	38.4.0
2026-04-11T21:56:25.051273+00:00	GitLab Importer	Affected by	VCID-z5g4-xxf6-vbbh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/passenger/CVE-2018-12615.yml	38.3.0
2026-04-11T21:56:22.445662+00:00	GitLab Importer	Affected by	VCID-e99s-zs31-c3cn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/passenger/CVE-2018-12029.yml	38.3.0
2026-04-02T22:09:48.149853+00:00	GitLab Importer	Affected by	VCID-z5g4-xxf6-vbbh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/passenger/CVE-2018-12615.yml	38.1.0
2026-04-02T22:09:45.854582+00:00	GitLab Importer	Affected by	VCID-e99s-zs31-c3cn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/passenger/CVE-2018-12029.yml	38.1.0
2026-04-01T16:27:05.233396+00:00	GitLab Importer	Affected by	VCID-z5g4-xxf6-vbbh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/passenger/CVE-2018-12615.yml	38.0.0
2026-04-01T16:27:03.231106+00:00	GitLab Importer	Affected by	VCID-e99s-zs31-c3cn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/passenger/CVE-2018-12029.yml	38.0.0