Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/passenger@5.0.30-1.2%2Bdeb11u1?distro=trixie
Type deb
Namespace debian
Name passenger
Version 5.0.30-1.2+deb11u1
Qualifiers
distro trixie
Subpath
Is_vulnerable true
Next_non_vulnerable_version 6.0.10-1
Latest_non_vulnerable_version 6.1.1+ds-1
Affected_by_vulnerabilities
0
url VCID-sd9j-zy5f-s3b9
vulnerability_id VCID-sd9j-zy5f-s3b9
summary
Predictable tmp File Path Vulnerability
A known /tmp filename is used during passenger-install-nginx-module execution, which can allow local attackers to gain the privileges of the passenger user.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10345.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10345.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-10345
reference_id
reference_type
scores
0
value 0.00064
scoring_system epss
scoring_elements 0.20187
published_at 2026-06-06T12:55:00Z
1
value 0.00064
scoring_system epss
scoring_elements 0.20194
published_at 2026-06-05T12:55:00Z
2
value 0.00064
scoring_system epss
scoring_elements 0.20118
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-10345
2
reference_url https://blog.phusion.nl/2017/01/10/passenger-5-1-1
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.phusion.nl/2017/01/10/passenger-5-1-1
3
reference_url https://blog.phusion.nl/2017/01/10/passenger-5-1-1/
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements
url https://blog.phusion.nl/2017/01/10/passenger-5-1-1/
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10345
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10345
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:C/I:C/A:C
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-cqxw-3p7v-p9gr
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-cqxw-3p7v-p9gr
7
reference_url https://github.com/phusion/passenger
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger
8
reference_url https://github.com/phusion/passenger/blob/stable-5.1/CHANGELOG
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger/blob/stable-5.1/CHANGELOG
9
reference_url https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2016-10345.yml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2016-10345.yml
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-10345
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-10345
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1445306
reference_id 1445306
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1445306
fixed_packages
0
url pkg:deb/debian/passenger@6.0.10-1?distro=trixie
purl pkg:deb/debian/passenger@6.0.10-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.10-1%3Fdistro=trixie
1
url pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.17%252Bds-1%3Fdistro=trixie
2
url pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
purl pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.26%252Bds-1.1%3Fdistro=trixie
3
url pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.1.1%252Bds-1%3Fdistro=trixie
aliases CVE-2016-10345, GHSA-cqxw-3p7v-p9gr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sd9j-zy5f-s3b9
Fixing_vulnerabilities
0
url VCID-2m4t-x87m-8khj
vulnerability_id VCID-2m4t-x87m-8khj
summary
Incorrect Permission Assignment for Critical Resource
An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates an error, it would cause Passenger's process manager to kill said reported arbitrary PID.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12028.json
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12028.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-12028
reference_id
reference_type
scores
0
value 0.00175
scoring_system epss
scoring_elements 0.38748
published_at 2026-06-04T12:55:00Z
1
value 0.00175
scoring_system epss
scoring_elements 0.38841
published_at 2026-06-06T12:55:00Z
2
value 0.00175
scoring_system epss
scoring_elements 0.38837
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-12028
2
reference_url https://blog.phusion.nl/passenger-5-3-2
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements
1
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.phusion.nl/passenger-5-3-2
3
reference_url https://github.com/phusion/passenger
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger
4
reference_url https://github.com/phusion/passenger/commit/1e7c82deb4901c438f583737d8c9f2aac264737c
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger/commit/1e7c82deb4901c438f583737d8c9f2aac264737c
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12028.yml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12028.yml
6
reference_url https://security.gentoo.org/glsa/201807-02
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201807-02
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1592621
reference_id 1592621
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1592621
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-12028
reference_id CVE-2018-12028
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-12028
fixed_packages
0
url pkg:deb/debian/passenger@0?distro=trixie
purl pkg:deb/debian/passenger@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@0%3Fdistro=trixie
1
url pkg:deb/debian/passenger@5.0.30-1.2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/passenger@5.0.30-1.2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sd9j-zy5f-s3b9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@5.0.30-1.2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.17%252Bds-1%3Fdistro=trixie
3
url pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
purl pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.26%252Bds-1.1%3Fdistro=trixie
4
url pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.1.1%252Bds-1%3Fdistro=trixie
aliases CVE-2018-12028, GHSA-jjhj-8gx7-x836
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2m4t-x87m-8khj
1
url VCID-2vfx-fjka-pue8
vulnerability_id VCID-2vfx-fjka-pue8
summary
Information Exposure
Given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not the application's user, then that non-application user can swap that directory with something else, resulting in traffic being redirected to a non-application user's process through an alternative Unix domain socket.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12027.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12027.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-12027
reference_id
reference_type
scores
0
value 0.00275
scoring_system epss
scoring_elements 0.5112
published_at 2026-06-04T12:55:00Z
1
value 0.00275
scoring_system epss
scoring_elements 0.51186
published_at 2026-06-06T12:55:00Z
2
value 0.00275
scoring_system epss
scoring_elements 0.51181
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-12027
2
reference_url https://blog.phusion.nl/passenger-5-3-2
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.phusion.nl/passenger-5-3-2
3
reference_url https://github.com/phusion/passenger
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12027.yml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12027.yml
5
reference_url https://security.gentoo.org/glsa/201807-02
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201807-02
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1592619
reference_id 1592619
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1592619
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-12027
reference_id CVE-2018-12027
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-12027
fixed_packages
0
url pkg:deb/debian/passenger@0?distro=trixie
purl pkg:deb/debian/passenger@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@0%3Fdistro=trixie
1
url pkg:deb/debian/passenger@5.0.30-1.2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/passenger@5.0.30-1.2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sd9j-zy5f-s3b9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@5.0.30-1.2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.17%252Bds-1%3Fdistro=trixie
3
url pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
purl pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.26%252Bds-1.1%3Fdistro=trixie
4
url pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.1.1%252Bds-1%3Fdistro=trixie
aliases CVE-2018-12027, GHSA-whfx-877c-5p28
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2vfx-fjka-pue8
2
url VCID-58kk-nrpx-m3h5
vulnerability_id VCID-58kk-nrpx-m3h5
summary Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make "cross-site ajax requests" via unknown vectors.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-7220.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-7220.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2008-7220
reference_id
reference_type
scores
0
value 0.10024
scoring_system epss
scoring_elements 0.93198
published_at 2026-06-04T12:55:00Z
1
value 0.10024
scoring_system epss
scoring_elements 0.93209
published_at 2026-06-05T12:55:00Z
2
value 0.10024
scoring_system epss
scoring_elements 0.93208
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2008-7220
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7220
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7220
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=523277
reference_id 523277
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=523277
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555220
reference_id 555220
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555220
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555221
reference_id 555221
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555221
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555242
reference_id 555242
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555242
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555244
reference_id 555244
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555244
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555250
reference_id 555250
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555250
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555255
reference_id 555255
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555255
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555259
reference_id 555259
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555259
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555266
reference_id 555266
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555266
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558977
reference_id 558977
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558977
13
reference_url https://security.gentoo.org/glsa/201006-20
reference_id GLSA-201006-20
reference_type
scores
url https://security.gentoo.org/glsa/201006-20
fixed_packages
0
url pkg:deb/debian/passenger@0?distro=trixie
purl pkg:deb/debian/passenger@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@0%3Fdistro=trixie
1
url pkg:deb/debian/passenger@5.0.30-1.2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/passenger@5.0.30-1.2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sd9j-zy5f-s3b9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@5.0.30-1.2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.17%252Bds-1%3Fdistro=trixie
3
url pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
purl pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.26%252Bds-1.1%3Fdistro=trixie
4
url pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.1.1%252Bds-1%3Fdistro=trixie
aliases CVE-2008-7220
risk_score 0.1
exploitability 0.5
weighted_severity 0.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-58kk-nrpx-m3h5
3
url VCID-776a-5amc-5fhb
vulnerability_id VCID-776a-5amc-5fhb
summary
Header overwriting
In some cases it is possible for clients to overwrite headers set by the server, resulting in a medium-level security issue. Passenger 5 uses an SCGI-inspired format to pass headers to Ruby/Python applications, while Passenger 4 uses an SCGI-inspired format to pass headers to all applications. This implies a conversion to UPPER_CASE_WITH_UNDERSCORES whereby the difference between characters like '-' and '_' is lost. See "Affected use-cases" in the provided link to establish whether a particular application is affected.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00024.html
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00024.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7519.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7519.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-7519
reference_id
reference_type
scores
0
value 0.00361
scoring_system epss
scoring_elements 0.58581
published_at 2026-06-05T12:55:00Z
1
value 0.00361
scoring_system epss
scoring_elements 0.58534
published_at 2026-06-04T12:55:00Z
2
value 0.00361
scoring_system epss
scoring_elements 0.5859
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-7519
3
reference_url https://blog.phusion.nl/2015/12/07/cve-2015-7519
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://blog.phusion.nl/2015/12/07/cve-2015-7519
4
reference_url https://bugzilla.suse.com/show_bug.cgi?id=956281
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://bugzilla.suse.com/show_bug.cgi?id=956281
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7519
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7519
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:P/I:P/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/advisories/GHSA-fxwv-953p-7qpf
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-fxwv-953p-7qpf
8
reference_url https://github.com/phusion/passenger
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger
9
reference_url https://github.com/phusion/passenger/commit/ddb8ecc4ebf260e4967f57f271d4f5761abeac3e
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger/commit/ddb8ecc4ebf260e4967f57f271d4f5761abeac3e
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2015-7519.yml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2015-7519.yml
11
reference_url https://lists.debian.org/debian-lts-announce/2018/06/msg00007.html
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/06/msg00007.html
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7519
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-7519
13
reference_url https://web.archive.org/web/20220327073056/https://www.puppet.com/security/cve/passenger-dec-2015-security-fixes
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20220327073056/https://www.puppet.com/security/cve/passenger-dec-2015-security-fixes
14
reference_url http://www.openwall.com/lists/oss-security/2015/12/07/1
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2015/12/07/1
15
reference_url http://www.openwall.com/lists/oss-security/2015/12/07/2
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2015/12/07/2
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1290405
reference_id 1290405
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1290405
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807354
reference_id 807354
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807354
18
reference_url https://blog.phusion.nl/2015/12/07/cve-2015-7519/
reference_id CVE-2015-7519
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements
url https://blog.phusion.nl/2015/12/07/cve-2015-7519/
fixed_packages
0
url pkg:deb/debian/passenger@5.0.22-1?distro=trixie
purl pkg:deb/debian/passenger@5.0.22-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@5.0.22-1%3Fdistro=trixie
1
url pkg:deb/debian/passenger@5.0.30-1.2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/passenger@5.0.30-1.2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sd9j-zy5f-s3b9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@5.0.30-1.2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.17%252Bds-1%3Fdistro=trixie
3
url pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
purl pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.26%252Bds-1.1%3Fdistro=trixie
4
url pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.1.1%252Bds-1%3Fdistro=trixie
aliases CVE-2015-7519, GHSA-fxwv-953p-7qpf
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-776a-5amc-5fhb
4
url VCID-8mhb-q437-dfau
vulnerability_id VCID-8mhb-q437-dfau
summary
Instance Directory Creation Symlink Arbitrary File Overwrite
Passenger Gem for Ruby contains a flaw as the program creates the server instance directory insecurely. It is possible for a local attacker to use a symlink attack against the directory to cause the program to unexpectedly overwrite an arbitrary file.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html
1
reference_url http://openwall.com/lists/oss-security/2014/01/28/8
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/01/28/8
2
reference_url http://openwall.com/lists/oss-security/2014/01/30/3
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/01/30/3
3
reference_url http://osvdb.org/show/osvdb/102613
reference_id
reference_type
scores
url http://osvdb.org/show/osvdb/102613
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1831.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1831.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-1831
reference_id
reference_type
scores
0
value 0.00067
scoring_system epss
scoring_elements 0.20936
published_at 2026-06-06T12:55:00Z
1
value 0.00067
scoring_system epss
scoring_elements 0.20875
published_at 2026-06-04T12:55:00Z
2
value 0.00067
scoring_system epss
scoring_elements 0.2095
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-1831
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1058992
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1058992
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1831
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1831
9
reference_url https://github.com/advisories/GHSA-c7j7-p5jq-26ff
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-c7j7-p5jq-26ff
10
reference_url https://github.com/phusion/passenger
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger
11
reference_url https://github.com/phusion/passenger/commit/34b1087870c2
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger/commit/34b1087870c2
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2014-1831.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2014-1831.yml
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-1831
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-1831
fixed_packages
0
url pkg:deb/debian/passenger@4.0.37-1?distro=trixie
purl pkg:deb/debian/passenger@4.0.37-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@4.0.37-1%3Fdistro=trixie
1
url pkg:deb/debian/passenger@5.0.30-1.2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/passenger@5.0.30-1.2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sd9j-zy5f-s3b9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@5.0.30-1.2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.17%252Bds-1%3Fdistro=trixie
3
url pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
purl pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.26%252Bds-1.1%3Fdistro=trixie
4
url pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.1.1%252Bds-1%3Fdistro=trixie
aliases CVE-2014-1831, GHSA-c7j7-p5jq-26ff
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8mhb-q437-dfau
5
url VCID-a872-9u8a-u7gh
vulnerability_id VCID-a872-9u8a-u7gh
summary
Phusion Passenger denial of service
The HTTP parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-26803
reference_id
reference_type
scores
0
value 0.00271
scoring_system epss
scoring_elements 0.50842
published_at 2026-06-06T12:55:00Z
1
value 0.00271
scoring_system epss
scoring_elements 0.50837
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-26803
1
reference_url https://blog.phusion.nl/2025/02/19/passenger-6-0-26
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://blog.phusion.nl/2025/02/19/passenger-6-0-26
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/advisories/GHSA-2cj2-qqxj-5m3r
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
url https://github.com/advisories/GHSA-2cj2-qqxj-5m3r
4
reference_url https://github.com/phusion/passenger
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger
5
reference_url https://github.com/phusion/passenger/commit/bb15591646687064ab2d578d5f9660b2a4168017
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-24T16:59:12Z/
url https://github.com/phusion/passenger/commit/bb15591646687064ab2d578d5f9660b2a4168017
6
reference_url https://github.com/phusion/passenger/compare/release-6.0.25...release-6.0.26
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-24T16:59:12Z/
url https://github.com/phusion/passenger/compare/release-6.0.25...release-6.0.26
7
reference_url https://github.com/phusion/passenger/releases/tag/release-6.0.26
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-24T16:59:12Z/
url https://github.com/phusion/passenger/releases/tag/release-6.0.26
8
reference_url https://www.phusionpassenger.com/support
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-24T16:59:12Z/
url https://www.phusionpassenger.com/support
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098909
reference_id 1098909
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098909
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-26803
reference_id CVE-2025-26803
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-26803
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2025-26803.yml
reference_id CVE-2025-26803.YML
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2025-26803.yml
12
reference_url https://blog.phusion.nl/2025/02/19/passenger-6-0-26/
reference_id passenger-6-0-26
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-24T16:59:12Z/
url https://blog.phusion.nl/2025/02/19/passenger-6-0-26/
fixed_packages
0
url pkg:deb/debian/passenger@0?distro=trixie
purl pkg:deb/debian/passenger@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@0%3Fdistro=trixie
1
url pkg:deb/debian/passenger@5.0.30-1.2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/passenger@5.0.30-1.2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sd9j-zy5f-s3b9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@5.0.30-1.2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.17%252Bds-1%3Fdistro=trixie
3
url pkg:deb/debian/passenger@6.0.26%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.0.26%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.26%252Bds-1%3Fdistro=trixie
4
url pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
purl pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.26%252Bds-1.1%3Fdistro=trixie
5
url pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.1.1%252Bds-1%3Fdistro=trixie
aliases CVE-2025-26803, GHSA-2cj2-qqxj-5m3r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a872-9u8a-u7gh
6
url VCID-d3tp-jggs-hug9
vulnerability_id VCID-d3tp-jggs-hug9
summary
Utils.cpp Temporary Directory Creation Symlink Local Privilege Escalation
This package contains a flaw as the program creates temporary directories insecurely. It is possible for a local attacker to use a symlink attack against the Utils.cpp file to allow the attacker to gain elevated privileges.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2013-1136.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1136.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4136.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4136.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4136
reference_id
reference_type
scores
0
value 0.00044
scoring_system epss
scoring_elements 0.13909
published_at 2026-06-06T12:55:00Z
1
value 0.00044
scoring_system epss
scoring_elements 0.1383
published_at 2026-06-04T12:55:00Z
2
value 0.00044
scoring_system epss
scoring_elements 0.13905
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4136
3
reference_url https://code.google.com/p/phusion-passenger/issues/detail?id=910
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://code.google.com/p/phusion-passenger/issues/detail?id=910
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4136
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4136
5
reference_url https://github.com/advisories/GHSA-w6rc-q387-vpgq
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-w6rc-q387-vpgq
6
reference_url https://github.com/phusion/passenger
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger
7
reference_url https://github.com/phusion/passenger/blob/release-4.0.6/NEWS
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger/blob/release-4.0.6/NEWS
8
reference_url https://github.com/phusion/passenger/commit/5483b3292cc2af1c83033eaaadec20dba4dcfd9b
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger/commit/5483b3292cc2af1c83033eaaadec20dba4dcfd9b
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2013-4136.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2013-4136.yml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4136
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4136
11
reference_url http://www.openwall.com/lists/oss-security/2013/07/16/6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/07/16/6
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=985633
reference_id 985633
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=985633
fixed_packages
0
url pkg:deb/debian/passenger@3.0.13debian-1.2?distro=trixie
purl pkg:deb/debian/passenger@3.0.13debian-1.2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@3.0.13debian-1.2%3Fdistro=trixie
1
url pkg:deb/debian/passenger@5.0.30-1.2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/passenger@5.0.30-1.2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sd9j-zy5f-s3b9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@5.0.30-1.2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.17%252Bds-1%3Fdistro=trixie
3
url pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
purl pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.26%252Bds-1.1%3Fdistro=trixie
4
url pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.1.1%252Bds-1%3Fdistro=trixie
aliases CVE-2013-4136, GHSA-w6rc-q387-vpgq, OSV-94074
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d3tp-jggs-hug9
7
url VCID-dye8-8zrz-6ba7
vulnerability_id VCID-dye8-8zrz-6ba7
summary
Incorrect Permission Assignment for Critical Resource
An issue was discovered in Phusion Passenger. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12615.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12615.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-12615
reference_id
reference_type
scores
0
value 0.00198
scoring_system epss
scoring_elements 0.41821
published_at 2026-06-06T12:55:00Z
1
value 0.00198
scoring_system epss
scoring_elements 0.41812
published_at 2026-06-05T12:55:00Z
2
value 0.00198
scoring_system epss
scoring_elements 0.41736
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-12615
2
reference_url https://github.com/phusion/passenger
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger
3
reference_url https://github.com/phusion/passenger/commit/4e97fdb86d0a0141ec9a052c6e691fcd07bb45c8
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger/commit/4e97fdb86d0a0141ec9a052c6e691fcd07bb45c8
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12615.yml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12615.yml
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1594361
reference_id 1594361
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1594361
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-12615
reference_id CVE-2018-12615
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-12615
fixed_packages
0
url pkg:deb/debian/passenger@0?distro=trixie
purl pkg:deb/debian/passenger@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@0%3Fdistro=trixie
1
url pkg:deb/debian/passenger@5.0.30-1.2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/passenger@5.0.30-1.2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sd9j-zy5f-s3b9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@5.0.30-1.2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.17%252Bds-1%3Fdistro=trixie
3
url pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
purl pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.26%252Bds-1.1%3Fdistro=trixie
4
url pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.1.1%252Bds-1%3Fdistro=trixie
aliases CVE-2018-12615, GHSA-4284-jfhc-f854
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dye8-8zrz-6ba7
8
url VCID-m5eg-th4y-a3f7
vulnerability_id VCID-m5eg-th4y-a3f7
summary
Information Exposure
If Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying `passenger-status --show=xml`.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16355.json
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16355.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-16355
reference_id
reference_type
scores
0
value 0.00136
scoring_system epss
scoring_elements 0.33278
published_at 2026-06-06T12:55:00Z
1
value 0.00136
scoring_system epss
scoring_elements 0.33263
published_at 2026-06-05T12:55:00Z
2
value 0.00136
scoring_system epss
scoring_elements 0.33161
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-16355
2
reference_url https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11
3
reference_url https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/
reference_id
reference_type
scores
url https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16355
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16355
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4
scoring_system cvssv2
scoring_elements AV:L/AC:H/Au:N/C:C/I:N/A:N
1
value 5.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/phusion/passenger
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger
7
reference_url https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c644541036d7bf
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements
1
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c644541036d7bf
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2017-16355.yml
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2017-16355.yml
9
reference_url https://seclists.org/bugtraq/2019/Mar/34
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Mar/34
10
reference_url https://www.debian.org/security/2019/dsa-4415
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4415
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1513377
reference_id 1513377
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1513377
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884463
reference_id 884463
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884463
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-16355
reference_id CVE-2017-16355
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-16355
14
reference_url https://github.com/advisories/GHSA-cv3f-px9r-54hm
reference_id GHSA-cv3f-px9r-54hm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cv3f-px9r-54hm
15
reference_url https://usn.ubuntu.com/USN-5261-1/
reference_id USN-USN-5261-1
reference_type
scores
url https://usn.ubuntu.com/USN-5261-1/
fixed_packages
0
url pkg:deb/debian/passenger@5.0.30-1.1?distro=trixie
purl pkg:deb/debian/passenger@5.0.30-1.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@5.0.30-1.1%3Fdistro=trixie
1
url pkg:deb/debian/passenger@5.0.30-1.2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/passenger@5.0.30-1.2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sd9j-zy5f-s3b9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@5.0.30-1.2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.17%252Bds-1%3Fdistro=trixie
3
url pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
purl pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.26%252Bds-1.1%3Fdistro=trixie
4
url pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.1.1%252Bds-1%3Fdistro=trixie
aliases CVE-2017-16355, GHSA-cv3f-px9r-54hm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m5eg-th4y-a3f7
9
url VCID-mg4k-v8q7-sqbb
vulnerability_id VCID-mg4k-v8q7-sqbb
summary
Improper Link Resolution Before File Access
During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in turn can result in information disclosure and privilege escalation.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12026.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12026.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-12026
reference_id
reference_type
scores
0
value 0.01123
scoring_system epss
scoring_elements 0.78639
published_at 2026-06-06T12:55:00Z
1
value 0.01123
scoring_system epss
scoring_elements 0.78631
published_at 2026-06-05T12:55:00Z
2
value 0.01123
scoring_system epss
scoring_elements 0.78603
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-12026
2
reference_url https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes
3
reference_url https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
url https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
4
reference_url https://blog.phusion.nl/passenger-5-3-2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://blog.phusion.nl/passenger-5-3-2
5
reference_url https://github.com/phusion/passenger
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger
6
reference_url https://github.com/phusion/passenger/commit/fd3717a3cd357aa0e80e1e81d4dc94a1eaf928f1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger/commit/fd3717a3cd357aa0e80e1e81d4dc94a1eaf928f1
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12026.yml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12026.yml
8
reference_url https://security.gentoo.org/glsa/201807-02
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201807-02
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1592616
reference_id 1592616
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1592616
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-12026
reference_id CVE-2018-12026
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-12026
fixed_packages
0
url pkg:deb/debian/passenger@0?distro=trixie
purl pkg:deb/debian/passenger@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@0%3Fdistro=trixie
1
url pkg:deb/debian/passenger@5.0.30-1.2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/passenger@5.0.30-1.2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sd9j-zy5f-s3b9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@5.0.30-1.2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.17%252Bds-1%3Fdistro=trixie
3
url pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
purl pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.26%252Bds-1.1%3Fdistro=trixie
4
url pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.1.1%252Bds-1%3Fdistro=trixie
aliases CVE-2018-12026, GHSA-7cv3-gvmc-8mq5
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mg4k-v8q7-sqbb
10
url VCID-u8cc-dmqe-5qec
vulnerability_id VCID-u8cc-dmqe-5qec
summary
Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)
A race condition in the nginx module in Phusion Passenger allows local escalation of privileges when a non-standard `passenger_instance_registry_dir` with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root's crontab file allows privilege escalation.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12029.json
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12029.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-12029
reference_id
reference_type
scores
0
value 0.00099
scoring_system epss
scoring_elements 0.27131
published_at 2026-06-06T12:55:00Z
1
value 0.00099
scoring_system epss
scoring_elements 0.27185
published_at 2026-06-05T12:55:00Z
2
value 0.00099
scoring_system epss
scoring_elements 0.2712
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-12029
2
reference_url https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes
3
reference_url https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3
scoring_elements
url https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
4
reference_url https://blog.phusion.nl/passenger-5-3-2
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.phusion.nl/passenger-5-3-2
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12029
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12029
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12029.yml
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12029.yml
8
reference_url https://lists.debian.org/debian-lts-announce/2018/06/msg00007.html
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/06/msg00007.html
9
reference_url https://pulsesecurity.co.nz/advisories/phusion-passenger-priv-esc
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pulsesecurity.co.nz/advisories/phusion-passenger-priv-esc
10
reference_url https://security.gentoo.org/glsa/201807-02
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201807-02
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1592612
reference_id 1592612
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1592612
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921767
reference_id 921767
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921767
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-12029
reference_id CVE-2018-12029
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-12029
14
reference_url https://usn.ubuntu.com/USN-5261-1/
reference_id USN-USN-5261-1
reference_type
scores
url https://usn.ubuntu.com/USN-5261-1/
fixed_packages
0
url pkg:deb/debian/passenger@5.0.30-1.1?distro=trixie
purl pkg:deb/debian/passenger@5.0.30-1.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@5.0.30-1.1%3Fdistro=trixie
1
url pkg:deb/debian/passenger@5.0.30-1.2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/passenger@5.0.30-1.2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sd9j-zy5f-s3b9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@5.0.30-1.2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.17%252Bds-1%3Fdistro=trixie
3
url pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
purl pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.26%252Bds-1.1%3Fdistro=trixie
4
url pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.1.1%252Bds-1%3Fdistro=trixie
aliases CVE-2018-12029, GHSA-jjcj-fgfm-9g9r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u8cc-dmqe-5qec
11
url VCID-yfmc-ybkr-xbbg
vulnerability_id VCID-yfmc-ybkr-xbbg
summary
Server Instance Directory Creation Local Symlink File Overwrite
The program creates the server instance directory insecurely. A local attacker can use a symlink attack against the directory to cause the program to unexpectedly overwrite an arbitrary file.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html
1
reference_url http://openwall.com/lists/oss-security/2014/01/29/6
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/01/29/6
2
reference_url http://openwall.com/lists/oss-security/2014/01/30/3
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/01/30/3
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1832.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1832.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-1832
reference_id
reference_type
scores
0
value 0.00067
scoring_system epss
scoring_elements 0.20936
published_at 2026-06-06T12:55:00Z
1
value 0.00067
scoring_system epss
scoring_elements 0.2095
published_at 2026-06-05T12:55:00Z
2
value 0.00067
scoring_system epss
scoring_elements 0.20875
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-1832
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1058992
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1058992
7
reference_url https://github.com/advisories/GHSA-qw8w-2xcp-xg59
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-qw8w-2xcp-xg59
8
reference_url https://github.com/phusion/passenger
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger
9
reference_url https://github.com/phusion/passenger/commit/34b1087870c2bf85ebfd72c30b78577e10ab9744
reference_id
reference_type
scores
url https://github.com/phusion/passenger/commit/34b1087870c2bf85ebfd72c30b78577e10ab9744
10
reference_url https://github.com/phusion/passenger/commit/94428057c602da3d6d34ef75c78091066ecac5c0
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger/commit/94428057c602da3d6d34ef75c78091066ecac5c0
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2014-1832.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2014-1832.yml
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-1832
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-1832
fixed_packages
0
url pkg:deb/debian/passenger@0?distro=trixie
purl pkg:deb/debian/passenger@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@0%3Fdistro=trixie
1
url pkg:deb/debian/passenger@5.0.30-1.2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/passenger@5.0.30-1.2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sd9j-zy5f-s3b9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@5.0.30-1.2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.0.17%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.17%252Bds-1%3Fdistro=trixie
3
url pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
purl pkg:deb/debian/passenger@6.0.26%2Bds-1.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.0.26%252Bds-1.1%3Fdistro=trixie
4
url pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
purl pkg:deb/debian/passenger@6.1.1%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@6.1.1%252Bds-1%3Fdistro=trixie
aliases CVE-2014-1832, GHSA-qw8w-2xcp-xg59, OSV-102613
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yfmc-ybkr-xbbg
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/passenger@5.0.30-1.2%252Bdeb11u1%3Fdistro=trixie