Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/ruby193-rubygem-passenger@3.0.12-21?arch=el6op
purl pkg:rpm/redhat/ruby193-rubygem-passenger@3.0.12-21?arch=el6op
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (7)
Vulnerability Summary Fixed by
VCID-4e6j-926u-kbhz
Aliases:
CVE-2012-6074
GHSA-9hr6-5x6g-gg5g
Jenkins allows Cross-Site Scripting (XSS) Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via unspecified vectors. There are no reported fixed by versions.
VCID-b4dc-bc34-jfdz
Aliases:
CVE-2012-6073
GHSA-mqgf-4rw4-2cq2
Jenkins affected by Open Redirect Vulnerability Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. There are no reported fixed by versions.
VCID-e9c4-wjkd-4kgp
Aliases:
CVE-2012-6072
GHSA-2q8v-qx2x-hxjx
Jenkins allows HTTP Injection and Response Splitting CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. There are no reported fixed by versions.
VCID-gd6z-1xzd-uyfs
Aliases:
CVE-2013-0164
openshift-origin-port-proxy: openshift-port-proxy-cfg lockwrap() tmp file creation There are no reported fixed by versions.
VCID-kkbt-pr7u-f7gn
Aliases:
CVE-2012-6496
GHSA-gh2w-j7cx-2664
OSV-88661
Active Record contains SQL Injection SQL injection vulnerability in the Active Record component in Ruby on Rails before 2.3.15, 3.0.x before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in applications that can use unexpected data types in certain find_by_ method calls. There are no reported fixed by versions.
VCID-mfsc-ev2k-5qga
Aliases:
CVE-2012-5658
Origin: rhc-chk.rb password exposure in log files There are no reported fixed by versions.
VCID-ruc8-365z-b7fr
Aliases:
CVE-2013-0158
GHSA-jwfr-h6jp-9p2g
Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown vectors. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:53:44.854076+00:00 RedHat Importer Affected by VCID-4e6j-926u-kbhz https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6074.json 38.0.0
2026-04-01T14:53:44.611081+00:00 RedHat Importer Affected by VCID-b4dc-bc34-jfdz https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6073.json 38.0.0
2026-04-01T14:53:44.374335+00:00 RedHat Importer Affected by VCID-e9c4-wjkd-4kgp https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6072.json 38.0.0
2026-04-01T14:53:29.597634+00:00 RedHat Importer Affected by VCID-mfsc-ev2k-5qga https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5658.json 38.0.0
2026-04-01T14:53:22.623284+00:00 RedHat Importer Affected by VCID-kkbt-pr7u-f7gn https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6496.json 38.0.0
2026-04-01T14:53:21.716730+00:00 RedHat Importer Affected by VCID-ruc8-365z-b7fr https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0158.json 38.0.0
2026-04-01T14:52:50.877252+00:00 RedHat Importer Affected by VCID-gd6z-1xzd-uyfs https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0164.json 38.0.0