Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/passenger@5.0.30-1%2Bdeb9u1
Typedeb
Namespacedebian
Namepassenger
Version5.0.30-1+deb9u1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.0.30-1.1
Latest_non_vulnerable_version6.0.17+ds-1
Affected_by_vulnerabilities
0
url VCID-e99s-zs31-c3cn
vulnerability_id VCID-e99s-zs31-c3cn
summary 
Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)
A race condition in the nginx module in Phusion Passenger allows local escalation of privileges when a non-standard `passenger_instance_registry_dir` with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root's crontab file allows privilege escalation.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12029.json
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12029.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-12029
reference_id
reference_type
scores
0
value 0.00099
scoring_system epss
scoring_elements 0.27073
published_at 2026-05-12T12:55:00Z
1
value 0.00099
scoring_system epss
scoring_elements 0.27629
published_at 2026-04-01T12:55:00Z
2
value 0.00099
scoring_system epss
scoring_elements 0.27668
published_at 2026-04-02T12:55:00Z
3
value 0.00099
scoring_system epss
scoring_elements 0.27706
published_at 2026-04-04T12:55:00Z
4
value 0.00099
scoring_system epss
scoring_elements 0.27497
published_at 2026-04-07T12:55:00Z
5
value 0.00099
scoring_system epss
scoring_elements 0.27565
published_at 2026-04-08T12:55:00Z
6
value 0.00099
scoring_system epss
scoring_elements 0.27608
published_at 2026-04-09T12:55:00Z
7
value 0.00099
scoring_system epss
scoring_elements 0.27613
published_at 2026-04-11T12:55:00Z
8
value 0.00099
scoring_system epss
scoring_elements 0.27568
published_at 2026-04-12T12:55:00Z
9
value 0.00099
scoring_system epss
scoring_elements 0.27512
published_at 2026-04-13T12:55:00Z
10
value 0.00099
scoring_system epss
scoring_elements 0.27518
published_at 2026-04-16T12:55:00Z
11
value 0.00099
scoring_system epss
scoring_elements 0.27491
published_at 2026-04-18T12:55:00Z
12
value 0.00099
scoring_system epss
scoring_elements 0.27451
published_at 2026-04-21T12:55:00Z
13
value 0.00099
scoring_system epss
scoring_elements 0.27404
published_at 2026-04-24T12:55:00Z
14
value 0.00099
scoring_system epss
scoring_elements 0.27302
published_at 2026-04-26T12:55:00Z
15
value 0.00099
scoring_system epss
scoring_elements 0.27228
published_at 2026-04-29T12:55:00Z
16
value 0.00099
scoring_system epss
scoring_elements 0.27058
published_at 2026-05-05T12:55:00Z
17
value 0.00099
scoring_system epss
scoring_elements 0.27122
published_at 2026-05-07T12:55:00Z
18
value 0.00099
scoring_system epss
scoring_elements 0.27142
published_at 2026-05-09T12:55:00Z
19
value 0.00099
scoring_system epss
scoring_elements 0.27059
published_at 2026-05-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-12029
2
reference_url https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes
3
reference_url https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3
scoring_elements
url https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
4
reference_url https://blog.phusion.nl/passenger-5-3-2
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.phusion.nl/passenger-5-3-2
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12029
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12029
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12029.yml
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12029.yml
8
reference_url https://lists.debian.org/debian-lts-announce/2018/06/msg00007.html
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/06/msg00007.html
9
reference_url https://pulsesecurity.co.nz/advisories/phusion-passenger-priv-esc
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pulsesecurity.co.nz/advisories/phusion-passenger-priv-esc
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1592612
reference_id 1592612
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1592612
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921767
reference_id 921767
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921767
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-12029
reference_id CVE-2018-12029
reference_type
scores
0
value 4.4
scoring_system cvssv2
scoring_elements AV:L/AC:M/Au:N/C:P/I:P/A:P
1
value 7.0
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-12029
15
reference_url https://github.com/advisories/GHSA-jjcj-fgfm-9g9r
reference_id GHSA-jjcj-fgfm-9g9r
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jjcj-fgfm-9g9r
16
reference_url https://security.gentoo.org/glsa/201807-02
reference_id GLSA-201807-02
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201807-02
17
reference_url https://usn.ubuntu.com/USN-5261-1/
reference_id USN-USN-5261-1
reference_type
scores
url https://usn.ubuntu.com/USN-5261-1/
fixed_packages
0
url pkg:deb/debian/passenger@5.0.30-1.1
purl pkg:deb/debian/passenger@5.0.30-1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@5.0.30-1.1
aliases CVE-2018-12029, GHSA-jjcj-fgfm-9g9r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e99s-zs31-c3cn
1
url VCID-zwgu-5146-t7h5
vulnerability_id VCID-zwgu-5146-t7h5
summary 
Information Exposure
If Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying `passenger-status --show=xml`.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16355.json
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16355.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-16355
reference_id
reference_type
scores
0
value 0.00136
scoring_system epss
scoring_elements 0.32979
published_at 2026-05-12T12:55:00Z
1
value 0.00136
scoring_system epss
scoring_elements 0.32953
published_at 2026-05-11T12:55:00Z
2
value 0.00136
scoring_system epss
scoring_elements 0.33042
published_at 2026-05-09T12:55:00Z
3
value 0.00136
scoring_system epss
scoring_elements 0.33002
published_at 2026-05-07T12:55:00Z
4
value 0.00136
scoring_system epss
scoring_elements 0.33302
published_at 2026-04-07T12:55:00Z
5
value 0.00136
scoring_system epss
scoring_elements 0.33432
published_at 2026-04-02T12:55:00Z
6
value 0.00136
scoring_system epss
scoring_elements 0.33464
published_at 2026-04-04T12:55:00Z
7
value 0.00136
scoring_system epss
scoring_elements 0.33346
published_at 2026-04-08T12:55:00Z
8
value 0.00136
scoring_system epss
scoring_elements 0.32933
published_at 2026-05-05T12:55:00Z
9
value 0.00136
scoring_system epss
scoring_elements 0.33051
published_at 2026-04-29T12:55:00Z
10
value 0.00136
scoring_system epss
scoring_elements 0.3313
published_at 2026-04-26T12:55:00Z
11
value 0.00136
scoring_system epss
scoring_elements 0.33147
published_at 2026-04-24T12:55:00Z
12
value 0.00136
scoring_system epss
scoring_elements 0.33299
published_at 2026-04-21T12:55:00Z
13
value 0.00136
scoring_system epss
scoring_elements 0.33333
published_at 2026-04-18T12:55:00Z
14
value 0.00136
scoring_system epss
scoring_elements 0.33357
published_at 2026-04-16T12:55:00Z
15
value 0.00136
scoring_system epss
scoring_elements 0.33318
published_at 2026-04-13T12:55:00Z
16
value 0.00136
scoring_system epss
scoring_elements 0.33341
published_at 2026-04-12T12:55:00Z
17
value 0.00136
scoring_system epss
scoring_elements 0.33297
published_at 2026-04-01T12:55:00Z
18
value 0.00136
scoring_system epss
scoring_elements 0.33382
published_at 2026-04-11T12:55:00Z
19
value 0.00136
scoring_system epss
scoring_elements 0.33379
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-16355
2
reference_url https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11
3
reference_url https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/
reference_id
reference_type
scores
url https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16355
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16355
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4
scoring_system cvssv2
scoring_elements AV:L/AC:H/Au:N/C:C/I:N/A:N
1
value 5.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/phusion/passenger
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger
7
reference_url https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c644541036d7bf
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements
1
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c644541036d7bf
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2017-16355.yml
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2017-16355.yml
9
reference_url https://seclists.org/bugtraq/2019/Mar/34
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Mar/34
10
reference_url https://www.debian.org/security/2019/dsa-4415
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4415
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1513377
reference_id 1513377
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1513377
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884463
reference_id 884463
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884463
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusion:passenger:*:*:*:*:enterprise:*:*:*
reference_id cpe:2.3:a:phusion:passenger:*:*:*:*:enterprise:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusion:passenger:*:*:*:*:enterprise:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusion:passenger:*:*:*:*:open_source:*:*:*
reference_id cpe:2.3:a:phusion:passenger:*:*:*:*:open_source:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusion:passenger:*:*:*:*:open_source:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-16355
reference_id CVE-2017-16355
reference_type
scores
0
value 1.2
scoring_system cvssv2
scoring_elements AV:L/AC:H/Au:N/C:P/I:N/A:N
1
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-16355
17
reference_url https://github.com/advisories/GHSA-cv3f-px9r-54hm
reference_id GHSA-cv3f-px9r-54hm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cv3f-px9r-54hm
18
reference_url https://usn.ubuntu.com/USN-5261-1/
reference_id USN-USN-5261-1
reference_type
scores
url https://usn.ubuntu.com/USN-5261-1/
fixed_packages
0
url pkg:deb/debian/passenger@5.0.30-1.1
purl pkg:deb/debian/passenger@5.0.30-1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@5.0.30-1.1
aliases CVE-2017-16355, GHSA-cv3f-px9r-54hm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zwgu-5146-t7h5
Fixing_vulnerabilities
0
url VCID-4agx-j827-hbex
vulnerability_id VCID-4agx-j827-hbex
summary 
Utils.cpp Temporary Directory Creation Symlink Local Privilege Escalation
This package contains a flaw as the program creates temporary directories insecurely. It is possible for a local attacker to use a symlink attack against the Utils.cpp file to allow the attacker to gain elevated privileges.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2013-1136.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1136.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4136.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4136.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4136
reference_id
reference_type
scores
0
value 0.00044
scoring_system epss
scoring_elements 0.13462
published_at 2026-05-12T12:55:00Z
1
value 0.00044
scoring_system epss
scoring_elements 0.1335
published_at 2026-04-16T12:55:00Z
2
value 0.00044
scoring_system epss
scoring_elements 0.13349
published_at 2026-04-18T12:55:00Z
3
value 0.00044
scoring_system epss
scoring_elements 0.13424
published_at 2026-04-21T12:55:00Z
4
value 0.00044
scoring_system epss
scoring_elements 0.13429
published_at 2026-04-24T12:55:00Z
5
value 0.00044
scoring_system epss
scoring_elements 0.13401
published_at 2026-04-26T12:55:00Z
6
value 0.00044
scoring_system epss
scoring_elements 0.13296
published_at 2026-04-29T12:55:00Z
7
value 0.00044
scoring_system epss
scoring_elements 0.13199
published_at 2026-05-05T12:55:00Z
8
value 0.00044
scoring_system epss
scoring_elements 0.13354
published_at 2026-05-07T12:55:00Z
9
value 0.00044
scoring_system epss
scoring_elements 0.13432
published_at 2026-05-11T12:55:00Z
10
value 0.00044
scoring_system epss
scoring_elements 0.13459
published_at 2026-04-01T12:55:00Z
11
value 0.00044
scoring_system epss
scoring_elements 0.13558
published_at 2026-04-02T12:55:00Z
12
value 0.00044
scoring_system epss
scoring_elements 0.1362
published_at 2026-04-04T12:55:00Z
13
value 0.00044
scoring_system epss
scoring_elements 0.13417
published_at 2026-04-07T12:55:00Z
14
value 0.00044
scoring_system epss
scoring_elements 0.13499
published_at 2026-04-08T12:55:00Z
15
value 0.00044
scoring_system epss
scoring_elements 0.13548
published_at 2026-04-09T12:55:00Z
16
value 0.00044
scoring_system epss
scoring_elements 0.13521
published_at 2026-04-11T12:55:00Z
17
value 0.00044
scoring_system epss
scoring_elements 0.13484
published_at 2026-04-12T12:55:00Z
18
value 0.00044
scoring_system epss
scoring_elements 0.13438
published_at 2026-05-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4136
3
reference_url https://code.google.com/p/phusion-passenger/issues/detail?id=910
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://code.google.com/p/phusion-passenger/issues/detail?id=910
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4136
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4136
5
reference_url https://github.com/advisories/GHSA-w6rc-q387-vpgq
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-w6rc-q387-vpgq
6
reference_url https://github.com/phusion/passenger
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger
7
reference_url https://github.com/phusion/passenger/blob/release-4.0.6/NEWS
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger/blob/release-4.0.6/NEWS
8
reference_url https://github.com/phusion/passenger/commit/5483b3292cc2af1c83033eaaadec20dba4dcfd9b
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger/commit/5483b3292cc2af1c83033eaaadec20dba4dcfd9b
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2013-4136.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2013-4136.yml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4136
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4136
11
reference_url http://www.openwall.com/lists/oss-security/2013/07/16/6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/07/16/6
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=985633
reference_id 985633
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=985633
fixed_packages
0
url pkg:deb/debian/passenger@5.0.30-1%2Bdeb9u1
purl pkg:deb/debian/passenger@5.0.30-1%2Bdeb9u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-e99s-zs31-c3cn
1
vulnerability VCID-zwgu-5146-t7h5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@5.0.30-1%252Bdeb9u1
aliases CVE-2013-4136, GHSA-w6rc-q387-vpgq, OSV-94074
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4agx-j827-hbex
1
url VCID-ge31-t14g-e3bb
vulnerability_id VCID-ge31-t14g-e3bb
summary 
Header overwriting
It is possible in some cases, for clients to overwrite headers set by the server, resulting in a medium level security issue. Passenger 5 uses an SCGI-inspired format to pass headers to Ruby/Python applications, while Passenger 4 uses an SCGI-inspired format to pass headers to all applications. This implies a conversion to UPPER_CASE_WITH_UNDERSCORES whereby the difference between characters like '-' and '_' is lost. See "Affected use-cases" in provided link to establish wether one particular application is affected.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00024.html
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00024.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7519.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7519.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-7519
reference_id
reference_type
scores
0
value 0.00361
scoring_system epss
scoring_elements 0.58296
published_at 2026-05-09T12:55:00Z
1
value 0.00361
scoring_system epss
scoring_elements 0.58235
published_at 2026-05-07T12:55:00Z
2
value 0.00361
scoring_system epss
scoring_elements 0.58228
published_at 2026-04-02T12:55:00Z
3
value 0.00361
scoring_system epss
scoring_elements 0.58275
published_at 2026-05-12T12:55:00Z
4
value 0.00361
scoring_system epss
scoring_elements 0.58291
published_at 2026-04-18T12:55:00Z
5
value 0.00361
scoring_system epss
scoring_elements 0.58289
published_at 2026-04-16T12:55:00Z
6
value 0.00361
scoring_system epss
scoring_elements 0.58257
published_at 2026-04-13T12:55:00Z
7
value 0.00361
scoring_system epss
scoring_elements 0.583
published_at 2026-04-11T12:55:00Z
8
value 0.00361
scoring_system epss
scoring_elements 0.58282
published_at 2026-04-09T12:55:00Z
9
value 0.00361
scoring_system epss
scoring_elements 0.58277
published_at 2026-04-12T12:55:00Z
10
value 0.00361
scoring_system epss
scoring_elements 0.58222
published_at 2026-04-07T12:55:00Z
11
value 0.00361
scoring_system epss
scoring_elements 0.58248
published_at 2026-05-11T12:55:00Z
12
value 0.00361
scoring_system epss
scoring_elements 0.58143
published_at 2026-04-01T12:55:00Z
13
value 0.00361
scoring_system epss
scoring_elements 0.58193
published_at 2026-05-05T12:55:00Z
14
value 0.00361
scoring_system epss
scoring_elements 0.58244
published_at 2026-04-26T12:55:00Z
15
value 0.00361
scoring_system epss
scoring_elements 0.5823
published_at 2026-04-29T12:55:00Z
16
value 0.00361
scoring_system epss
scoring_elements 0.58268
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-7519
3
reference_url https://blog.phusion.nl/2015/12/07/cve-2015-7519
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://blog.phusion.nl/2015/12/07/cve-2015-7519
4
reference_url https://bugzilla.suse.com/show_bug.cgi?id=956281
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://bugzilla.suse.com/show_bug.cgi?id=956281
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7519
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7519
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:P/I:P/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/advisories/GHSA-fxwv-953p-7qpf
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-fxwv-953p-7qpf
8
reference_url https://github.com/phusion/passenger
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger
9
reference_url https://github.com/phusion/passenger/commit/ddb8ecc4ebf260e4967f57f271d4f5761abeac3e
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger/commit/ddb8ecc4ebf260e4967f57f271d4f5761abeac3e
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2015-7519.yml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2015-7519.yml
11
reference_url https://lists.debian.org/debian-lts-announce/2018/06/msg00007.html
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/06/msg00007.html
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7519
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:P/A:N
1
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
3
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-7519
13
reference_url https://puppet.com/security/cve/passenger-dec-2015-security-fixes
reference_id
reference_type
scores
url https://puppet.com/security/cve/passenger-dec-2015-security-fixes
14
reference_url https://web.archive.org/web/20220327073056/https://www.puppet.com/security/cve/passenger-dec-2015-security-fixes
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20220327073056/https://www.puppet.com/security/cve/passenger-dec-2015-security-fixes
15
reference_url http://www.openwall.com/lists/oss-security/2015/12/07/1
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2015/12/07/1
16
reference_url http://www.openwall.com/lists/oss-security/2015/12/07/2
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2015/12/07/2
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1290405
reference_id 1290405
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1290405
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807354
reference_id 807354
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807354
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:*:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:beta1:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:beta1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:beta1:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:beta2:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:beta2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:beta2:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:beta3:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:beta3:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:beta3:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:rc1:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:rc2:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:rc2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:rc2:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.1:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.10:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.10:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.11:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.12:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.12:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.12:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.13:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.13:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.13:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.14:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.14:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.14:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.15:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.15:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.15:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.16:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.16:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.16:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.17:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.17:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.17:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.18:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.18:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.18:*:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.19:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.19:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.19:*:*:*:*:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.2:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.20:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.20:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.20:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.21:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.21:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.21:*:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.3:*:*:*:*:*:*:*
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.4:*:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.5:*:*:*:*:*:*:*
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.6:*:*:*:*:*:*:*
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.7:*:*:*:*:*:*:*
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.8:*:*:*:*:*:*:*
46
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.9:*:*:*:*:*:*:*
47
reference_url https://blog.phusion.nl/2015/12/07/cve-2015-7519/
reference_id CVE-2015-7519
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements
url https://blog.phusion.nl/2015/12/07/cve-2015-7519/
fixed_packages
0
url pkg:deb/debian/passenger@5.0.30-1%2Bdeb9u1
purl pkg:deb/debian/passenger@5.0.30-1%2Bdeb9u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-e99s-zs31-c3cn
1
vulnerability VCID-zwgu-5146-t7h5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@5.0.30-1%252Bdeb9u1
aliases CVE-2015-7519, GHSA-fxwv-953p-7qpf
risk_score 1.9
exploitability 0.5
weighted_severity 3.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ge31-t14g-e3bb
2
url VCID-gjey-tb5m-gygf
vulnerability_id VCID-gjey-tb5m-gygf
summary 
Instance Directory Creation Symlink Arbitrary File Overwrite
Passenger Gem for Ruby contains a flaw as the program creates the server instance directory insecurely. It is possible for a local attacker to use a symlink attack against the directory to cause the program to unexpectedly overwrite an arbitrary file.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html
1
reference_url http://openwall.com/lists/oss-security/2014/01/28/8
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/01/28/8
2
reference_url http://openwall.com/lists/oss-security/2014/01/30/3
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/01/30/3
3
reference_url http://osvdb.org/show/osvdb/102613
reference_id
reference_type
scores
url http://osvdb.org/show/osvdb/102613
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1831.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1831.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-1831
reference_id
reference_type
scores
0
value 0.00067
scoring_system epss
scoring_elements 0.20555
published_at 2026-05-12T12:55:00Z
1
value 0.00067
scoring_system epss
scoring_elements 0.20659
published_at 2026-04-21T12:55:00Z
2
value 0.00067
scoring_system epss
scoring_elements 0.20547
published_at 2026-04-24T12:55:00Z
3
value 0.00067
scoring_system epss
scoring_elements 0.20543
published_at 2026-04-26T12:55:00Z
4
value 0.00067
scoring_system epss
scoring_elements 0.20511
published_at 2026-04-29T12:55:00Z
5
value 0.00067
scoring_system epss
scoring_elements 0.20404
published_at 2026-05-05T12:55:00Z
6
value 0.00067
scoring_system epss
scoring_elements 0.20476
published_at 2026-05-07T12:55:00Z
7
value 0.00067
scoring_system epss
scoring_elements 0.20564
published_at 2026-05-09T12:55:00Z
8
value 0.00067
scoring_system epss
scoring_elements 0.20541
published_at 2026-05-11T12:55:00Z
9
value 0.00067
scoring_system epss
scoring_elements 0.20711
published_at 2026-04-01T12:55:00Z
10
value 0.00067
scoring_system epss
scoring_elements 0.20854
published_at 2026-04-02T12:55:00Z
11
value 0.00067
scoring_system epss
scoring_elements 0.20912
published_at 2026-04-04T12:55:00Z
12
value 0.00067
scoring_system epss
scoring_elements 0.20626
published_at 2026-04-07T12:55:00Z
13
value 0.00067
scoring_system epss
scoring_elements 0.20702
published_at 2026-04-08T12:55:00Z
14
value 0.00067
scoring_system epss
scoring_elements 0.20763
published_at 2026-04-09T12:55:00Z
15
value 0.00067
scoring_system epss
scoring_elements 0.20781
published_at 2026-04-11T12:55:00Z
16
value 0.00067
scoring_system epss
scoring_elements 0.20738
published_at 2026-04-12T12:55:00Z
17
value 0.00067
scoring_system epss
scoring_elements 0.20686
published_at 2026-04-13T12:55:00Z
18
value 0.00067
scoring_system epss
scoring_elements 0.20672
published_at 2026-04-16T12:55:00Z
19
value 0.00067
scoring_system epss
scoring_elements 0.20668
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-1831
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1058992
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1058992
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1831
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1831
9
reference_url https://github.com/advisories/GHSA-c7j7-p5jq-26ff
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-c7j7-p5jq-26ff
10
reference_url https://github.com/phusion/passenger
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger
11
reference_url https://github.com/phusion/passenger/commit/34b1087870c2
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger/commit/34b1087870c2
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2014-1831.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2014-1831.yml
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-1831
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-1831
fixed_packages
0
url pkg:deb/debian/passenger@5.0.30-1%2Bdeb9u1
purl pkg:deb/debian/passenger@5.0.30-1%2Bdeb9u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-e99s-zs31-c3cn
1
vulnerability VCID-zwgu-5146-t7h5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@5.0.30-1%252Bdeb9u1
aliases CVE-2014-1831, GHSA-c7j7-p5jq-26ff
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gjey-tb5m-gygf
3
url VCID-zwgu-5146-t7h5
vulnerability_id VCID-zwgu-5146-t7h5
summary 
Information Exposure
If Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying `passenger-status --show=xml`.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16355.json
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16355.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-16355
reference_id
reference_type
scores
0
value 0.00136
scoring_system epss
scoring_elements 0.32979
published_at 2026-05-12T12:55:00Z
1
value 0.00136
scoring_system epss
scoring_elements 0.32953
published_at 2026-05-11T12:55:00Z
2
value 0.00136
scoring_system epss
scoring_elements 0.33042
published_at 2026-05-09T12:55:00Z
3
value 0.00136
scoring_system epss
scoring_elements 0.33002
published_at 2026-05-07T12:55:00Z
4
value 0.00136
scoring_system epss
scoring_elements 0.33302
published_at 2026-04-07T12:55:00Z
5
value 0.00136
scoring_system epss
scoring_elements 0.33432
published_at 2026-04-02T12:55:00Z
6
value 0.00136
scoring_system epss
scoring_elements 0.33464
published_at 2026-04-04T12:55:00Z
7
value 0.00136
scoring_system epss
scoring_elements 0.33346
published_at 2026-04-08T12:55:00Z
8
value 0.00136
scoring_system epss
scoring_elements 0.32933
published_at 2026-05-05T12:55:00Z
9
value 0.00136
scoring_system epss
scoring_elements 0.33051
published_at 2026-04-29T12:55:00Z
10
value 0.00136
scoring_system epss
scoring_elements 0.3313
published_at 2026-04-26T12:55:00Z
11
value 0.00136
scoring_system epss
scoring_elements 0.33147
published_at 2026-04-24T12:55:00Z
12
value 0.00136
scoring_system epss
scoring_elements 0.33299
published_at 2026-04-21T12:55:00Z
13
value 0.00136
scoring_system epss
scoring_elements 0.33333
published_at 2026-04-18T12:55:00Z
14
value 0.00136
scoring_system epss
scoring_elements 0.33357
published_at 2026-04-16T12:55:00Z
15
value 0.00136
scoring_system epss
scoring_elements 0.33318
published_at 2026-04-13T12:55:00Z
16
value 0.00136
scoring_system epss
scoring_elements 0.33341
published_at 2026-04-12T12:55:00Z
17
value 0.00136
scoring_system epss
scoring_elements 0.33297
published_at 2026-04-01T12:55:00Z
18
value 0.00136
scoring_system epss
scoring_elements 0.33382
published_at 2026-04-11T12:55:00Z
19
value 0.00136
scoring_system epss
scoring_elements 0.33379
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-16355
2
reference_url https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11
3
reference_url https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/
reference_id
reference_type
scores
url https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16355
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16355
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4
scoring_system cvssv2
scoring_elements AV:L/AC:H/Au:N/C:C/I:N/A:N
1
value 5.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/phusion/passenger
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger
7
reference_url https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c644541036d7bf
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements
1
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c644541036d7bf
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2017-16355.yml
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2017-16355.yml
9
reference_url https://seclists.org/bugtraq/2019/Mar/34
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Mar/34
10
reference_url https://www.debian.org/security/2019/dsa-4415
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4415
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1513377
reference_id 1513377
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1513377
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884463
reference_id 884463
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884463
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusion:passenger:*:*:*:*:enterprise:*:*:*
reference_id cpe:2.3:a:phusion:passenger:*:*:*:*:enterprise:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusion:passenger:*:*:*:*:enterprise:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusion:passenger:*:*:*:*:open_source:*:*:*
reference_id cpe:2.3:a:phusion:passenger:*:*:*:*:open_source:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusion:passenger:*:*:*:*:open_source:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-16355
reference_id CVE-2017-16355
reference_type
scores
0
value 1.2
scoring_system cvssv2
scoring_elements AV:L/AC:H/Au:N/C:P/I:N/A:N
1
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-16355
17
reference_url https://github.com/advisories/GHSA-cv3f-px9r-54hm
reference_id GHSA-cv3f-px9r-54hm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cv3f-px9r-54hm
18
reference_url https://usn.ubuntu.com/USN-5261-1/
reference_id USN-USN-5261-1
reference_type
scores
url https://usn.ubuntu.com/USN-5261-1/
fixed_packages
0
url pkg:deb/debian/passenger@5.0.30-1%2Bdeb9u1
purl pkg:deb/debian/passenger@5.0.30-1%2Bdeb9u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-e99s-zs31-c3cn
1
vulnerability VCID-zwgu-5146-t7h5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@5.0.30-1%252Bdeb9u1
1
url pkg:deb/debian/passenger@5.0.30-1.1
purl pkg:deb/debian/passenger@5.0.30-1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@5.0.30-1.1
aliases CVE-2017-16355, GHSA-cv3f-px9r-54hm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zwgu-5146-t7h5
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@5.0.30-1%252Bdeb9u1