Lookup for vulnerable packages by Package URL.

Purl pkg:gem/passenger@3.0.9
Type gem
Namespace
Name passenger
Version 3.0.9
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 5.3.2
Latest_non_vulnerable_version 6.0.26
Affected_by_vulnerabilities
0
url VCID-4agx-j827-hbex
vulnerability_id VCID-4agx-j827-hbex
summary
Utils.cpp Temporary Directory Creation Symlink Local Privilege Escalation
This package contains a flaw as the program creates temporary directories insecurely. It is possible for a local attacker to use a symlink attack against the Utils.cpp file to allow the attacker to gain elevated privileges.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2013-1136.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1136.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4136.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4136.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4136
reference_id
reference_type
scores
0
value 0.00044
scoring_system epss
scoring_elements 0.13296
published_at 2026-04-29T12:55:00Z
1
value 0.00044
scoring_system epss
scoring_elements 0.13548
published_at 2026-04-09T12:55:00Z
2
value 0.00044
scoring_system epss
scoring_elements 0.13521
published_at 2026-04-11T12:55:00Z
3
value 0.00044
scoring_system epss
scoring_elements 0.13484
published_at 2026-04-12T12:55:00Z
4
value 0.00044
scoring_system epss
scoring_elements 0.13438
published_at 2026-04-13T12:55:00Z
5
value 0.00044
scoring_system epss
scoring_elements 0.1335
published_at 2026-04-16T12:55:00Z
6
value 0.00044
scoring_system epss
scoring_elements 0.13349
published_at 2026-04-18T12:55:00Z
7
value 0.00044
scoring_system epss
scoring_elements 0.13424
published_at 2026-04-21T12:55:00Z
8
value 0.00044
scoring_system epss
scoring_elements 0.13429
published_at 2026-04-24T12:55:00Z
9
value 0.00044
scoring_system epss
scoring_elements 0.13401
published_at 2026-04-26T12:55:00Z
10
value 0.00044
scoring_system epss
scoring_elements 0.13459
published_at 2026-04-01T12:55:00Z
11
value 0.00044
scoring_system epss
scoring_elements 0.13558
published_at 2026-04-02T12:55:00Z
12
value 0.00044
scoring_system epss
scoring_elements 0.1362
published_at 2026-04-04T12:55:00Z
13
value 0.00044
scoring_system epss
scoring_elements 0.13417
published_at 2026-04-07T12:55:00Z
14
value 0.00044
scoring_system epss
scoring_elements 0.13499
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4136
3
reference_url https://code.google.com/p/phusion-passenger/issues/detail?id=910
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://code.google.com/p/phusion-passenger/issues/detail?id=910
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4136
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4136
5
reference_url https://github.com/advisories/GHSA-w6rc-q387-vpgq
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-w6rc-q387-vpgq
6
reference_url https://github.com/phusion/passenger
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger
7
reference_url https://github.com/phusion/passenger/blob/release-4.0.6/NEWS
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger/blob/release-4.0.6/NEWS
8
reference_url https://github.com/phusion/passenger/commit/5483b3292cc2af1c83033eaaadec20dba4dcfd9b
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger/commit/5483b3292cc2af1c83033eaaadec20dba4dcfd9b
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2013-4136.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2013-4136.yml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4136
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4136
11
reference_url http://www.openwall.com/lists/oss-security/2013/07/16/6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/07/16/6
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=985633
reference_id 985633
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=985633
fixed_packages
0
url pkg:gem/passenger@4.0.6
purl pkg:gem/passenger@4.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4agx-j827-hbex
1
vulnerability VCID-e99s-zs31-c3cn
2
vulnerability VCID-fhu6-3k8p-aub2
3
vulnerability VCID-ge31-t14g-e3bb
4
vulnerability VCID-gjey-tb5m-gygf
5
vulnerability VCID-nxqg-9ste-cycv
6
vulnerability VCID-z5g4-xxf6-vbbh
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/passenger@4.0.6
1
url pkg:gem/passenger@4.0.8
purl pkg:gem/passenger@4.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-e99s-zs31-c3cn
1
vulnerability VCID-fhu6-3k8p-aub2
2
vulnerability VCID-ge31-t14g-e3bb
3
vulnerability VCID-gjey-tb5m-gygf
4
vulnerability VCID-nxqg-9ste-cycv
5
vulnerability VCID-z5g4-xxf6-vbbh
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/passenger@4.0.8
aliases CVE-2013-4136, GHSA-w6rc-q387-vpgq, OSV-94074
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4agx-j827-hbex
1
url VCID-e99s-zs31-c3cn
vulnerability_id VCID-e99s-zs31-c3cn
summary
Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)
A race condition in the nginx module in Phusion Passenger allows local escalation of privileges when a non-standard `passenger_instance_registry_dir` with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root's crontab file allows privilege escalation.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12029.json
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12029.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-12029
reference_id
reference_type
scores
0
value 0.00099
scoring_system epss
scoring_elements 0.27228
published_at 2026-04-29T12:55:00Z
1
value 0.00099
scoring_system epss
scoring_elements 0.27302
published_at 2026-04-26T12:55:00Z
2
value 0.00099
scoring_system epss
scoring_elements 0.27404
published_at 2026-04-24T12:55:00Z
3
value 0.00099
scoring_system epss
scoring_elements 0.27706
published_at 2026-04-04T12:55:00Z
4
value 0.00099
scoring_system epss
scoring_elements 0.27629
published_at 2026-04-01T12:55:00Z
5
value 0.00099
scoring_system epss
scoring_elements 0.27565
published_at 2026-04-08T12:55:00Z
6
value 0.00099
scoring_system epss
scoring_elements 0.27497
published_at 2026-04-07T12:55:00Z
7
value 0.00099
scoring_system epss
scoring_elements 0.27668
published_at 2026-04-02T12:55:00Z
8
value 0.00099
scoring_system epss
scoring_elements 0.27451
published_at 2026-04-21T12:55:00Z
9
value 0.00099
scoring_system epss
scoring_elements 0.27491
published_at 2026-04-18T12:55:00Z
10
value 0.00099
scoring_system epss
scoring_elements 0.27518
published_at 2026-04-16T12:55:00Z
11
value 0.00099
scoring_system epss
scoring_elements 0.27512
published_at 2026-04-13T12:55:00Z
12
value 0.00099
scoring_system epss
scoring_elements 0.27568
published_at 2026-04-12T12:55:00Z
13
value 0.00099
scoring_system epss
scoring_elements 0.27613
published_at 2026-04-11T12:55:00Z
14
value 0.00099
scoring_system epss
scoring_elements 0.27608
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-12029
2
reference_url https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes
3
reference_url https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3
scoring_elements
url https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
4
reference_url https://blog.phusion.nl/passenger-5-3-2
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.phusion.nl/passenger-5-3-2
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12029
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12029
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12029.yml
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12029.yml
8
reference_url https://lists.debian.org/debian-lts-announce/2018/06/msg00007.html
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/06/msg00007.html
9
reference_url https://pulsesecurity.co.nz/advisories/phusion-passenger-priv-esc
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pulsesecurity.co.nz/advisories/phusion-passenger-priv-esc
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1592612
reference_id 1592612
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1592612
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921767
reference_id 921767
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921767
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-12029
reference_id CVE-2018-12029
reference_type
scores
0
value 4.4
scoring_system cvssv2
scoring_elements AV:L/AC:M/Au:N/C:P/I:P/A:P
1
value 7.0
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-12029
15
reference_url https://github.com/advisories/GHSA-jjcj-fgfm-9g9r
reference_id GHSA-jjcj-fgfm-9g9r
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jjcj-fgfm-9g9r
16
reference_url https://security.gentoo.org/glsa/201807-02
reference_id GLSA-201807-02
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201807-02
17
reference_url https://usn.ubuntu.com/USN-5261-1/
reference_id USN-USN-5261-1
reference_type
scores
url https://usn.ubuntu.com/USN-5261-1/
fixed_packages
0
url pkg:gem/passenger@5.3.2
purl pkg:gem/passenger@5.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/passenger@5.3.2
aliases CVE-2018-12029, GHSA-jjcj-fgfm-9g9r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e99s-zs31-c3cn
2
url VCID-fhu6-3k8p-aub2
vulnerability_id VCID-fhu6-3k8p-aub2
summary
Predictable tmp File Path Vulnerability
A known /tmp filename is used during passenger-install-nginx-module execution, which can allow local attackers to gain the privileges of the passenger user.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10345.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10345.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-10345
reference_id
reference_type
scores
0
value 0.00064
scoring_system epss
scoring_elements 0.19777
published_at 2026-04-29T12:55:00Z
1
value 0.00064
scoring_system epss
scoring_elements 0.19951
published_at 2026-04-01T12:55:00Z
2
value 0.00064
scoring_system epss
scoring_elements 0.20098
published_at 2026-04-02T12:55:00Z
3
value 0.00064
scoring_system epss
scoring_elements 0.20155
published_at 2026-04-04T12:55:00Z
4
value 0.00064
scoring_system epss
scoring_elements 0.19885
published_at 2026-04-07T12:55:00Z
5
value 0.00064
scoring_system epss
scoring_elements 0.19964
published_at 2026-04-08T12:55:00Z
6
value 0.00064
scoring_system epss
scoring_elements 0.20018
published_at 2026-04-09T12:55:00Z
7
value 0.00064
scoring_system epss
scoring_elements 0.20038
published_at 2026-04-11T12:55:00Z
8
value 0.00064
scoring_system epss
scoring_elements 0.19993
published_at 2026-04-12T12:55:00Z
9
value 0.00064
scoring_system epss
scoring_elements 0.19935
published_at 2026-04-13T12:55:00Z
10
value 0.00064
scoring_system epss
scoring_elements 0.19918
published_at 2026-04-16T12:55:00Z
11
value 0.00064
scoring_system epss
scoring_elements 0.19922
published_at 2026-04-18T12:55:00Z
12
value 0.00064
scoring_system epss
scoring_elements 0.19919
published_at 2026-04-21T12:55:00Z
13
value 0.00064
scoring_system epss
scoring_elements 0.19812
published_at 2026-04-24T12:55:00Z
14
value 0.00064
scoring_system epss
scoring_elements 0.19807
published_at 2026-04-26T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-10345
2
reference_url https://blog.phusion.nl/2017/01/10/passenger-5-1-1
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.phusion.nl/2017/01/10/passenger-5-1-1
3
reference_url https://blog.phusion.nl/2017/01/10/passenger-5-1-1/
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements
url https://blog.phusion.nl/2017/01/10/passenger-5-1-1/
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10345
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10345
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:C/I:C/A:C
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-cqxw-3p7v-p9gr
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-cqxw-3p7v-p9gr
7
reference_url https://github.com/phusion/passenger
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger
8
reference_url https://github.com/phusion/passenger/blob/stable-5.1/CHANGELOG
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger/blob/stable-5.1/CHANGELOG
9
reference_url https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2016-10345.yml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2016-10345.yml
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-10345
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:N/C:P/I:P/A:P
1
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-10345
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1445306
reference_id 1445306
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1445306
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
fixed_packages
0
url pkg:gem/passenger@5.1.0
purl pkg:gem/passenger@5.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-e99s-zs31-c3cn
1
vulnerability VCID-z5g4-xxf6-vbbh
2
vulnerability VCID-zwgu-5146-t7h5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/passenger@5.1.0
aliases CVE-2016-10345, GHSA-cqxw-3p7v-p9gr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fhu6-3k8p-aub2
3
url VCID-ge31-t14g-e3bb
vulnerability_id VCID-ge31-t14g-e3bb
summary
Header overwriting
It is possible, in some cases, for clients to overwrite headers set by the server, resulting in a medium level security issue. Passenger 5 uses an SCGI-inspired format to pass headers to Ruby/Python applications, while Passenger 4 uses an SCGI-inspired format to pass headers to all applications. This implies a conversion to UPPER_CASE_WITH_UNDERSCORES whereby the difference between characters like '-' and '_' is lost. See "Affected use-cases" in the provided link to establish whether a particular application is affected.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00024.html
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00024.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7519.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7519.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-7519
reference_id
reference_type
scores
0
value 0.00361
scoring_system epss
scoring_elements 0.5823
published_at 2026-04-29T12:55:00Z
1
value 0.00361
scoring_system epss
scoring_elements 0.58268
published_at 2026-04-21T12:55:00Z
2
value 0.00361
scoring_system epss
scoring_elements 0.58143
published_at 2026-04-01T12:55:00Z
3
value 0.00361
scoring_system epss
scoring_elements 0.58228
published_at 2026-04-02T12:55:00Z
4
value 0.00361
scoring_system epss
scoring_elements 0.58222
published_at 2026-04-07T12:55:00Z
5
value 0.00361
scoring_system epss
scoring_elements 0.58244
published_at 2026-04-26T12:55:00Z
6
value 0.00361
scoring_system epss
scoring_elements 0.58277
published_at 2026-04-12T12:55:00Z
7
value 0.00361
scoring_system epss
scoring_elements 0.58248
published_at 2026-04-04T12:55:00Z
8
value 0.00361
scoring_system epss
scoring_elements 0.58291
published_at 2026-04-18T12:55:00Z
9
value 0.00361
scoring_system epss
scoring_elements 0.58289
published_at 2026-04-16T12:55:00Z
10
value 0.00361
scoring_system epss
scoring_elements 0.58257
published_at 2026-04-13T12:55:00Z
11
value 0.00361
scoring_system epss
scoring_elements 0.583
published_at 2026-04-11T12:55:00Z
12
value 0.00361
scoring_system epss
scoring_elements 0.58282
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-7519
3
reference_url https://blog.phusion.nl/2015/12/07/cve-2015-7519
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://blog.phusion.nl/2015/12/07/cve-2015-7519
4
reference_url https://bugzilla.suse.com/show_bug.cgi?id=956281
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://bugzilla.suse.com/show_bug.cgi?id=956281
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7519
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7519
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:P/I:P/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/advisories/GHSA-fxwv-953p-7qpf
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-fxwv-953p-7qpf
8
reference_url https://github.com/phusion/passenger
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger
9
reference_url https://github.com/phusion/passenger/commit/ddb8ecc4ebf260e4967f57f271d4f5761abeac3e
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger/commit/ddb8ecc4ebf260e4967f57f271d4f5761abeac3e
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2015-7519.yml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2015-7519.yml
11
reference_url https://lists.debian.org/debian-lts-announce/2018/06/msg00007.html
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/06/msg00007.html
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7519
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:P/A:N
1
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
3
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-7519
13
reference_url https://puppet.com/security/cve/passenger-dec-2015-security-fixes
reference_id
reference_type
scores
url https://puppet.com/security/cve/passenger-dec-2015-security-fixes
14
reference_url https://web.archive.org/web/20220327073056/https://www.puppet.com/security/cve/passenger-dec-2015-security-fixes
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20220327073056/https://www.puppet.com/security/cve/passenger-dec-2015-security-fixes
15
reference_url http://www.openwall.com/lists/oss-security/2015/12/07/1
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2015/12/07/1
16
reference_url http://www.openwall.com/lists/oss-security/2015/12/07/2
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2015/12/07/2
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1290405
reference_id 1290405
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1290405
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807354
reference_id 807354
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807354
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:*:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:beta1:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:beta1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:beta1:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:beta2:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:beta2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:beta2:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:beta3:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:beta3:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:beta3:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:rc1:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:rc2:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:rc2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:rc2:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.1:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.10:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.10:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.11:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.12:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.12:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.12:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.13:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.13:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.13:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.14:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.14:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.14:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.15:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.15:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.15:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.16:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.16:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.16:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.17:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.17:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.17:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.18:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.18:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.18:*:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.19:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.19:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.19:*:*:*:*:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.2:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.20:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.20:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.20:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.21:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.21:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.21:*:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.3:*:*:*:*:*:*:*
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.4:*:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.5:*:*:*:*:*:*:*
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.6:*:*:*:*:*:*:*
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.7:*:*:*:*:*:*:*
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.8:*:*:*:*:*:*:*
46
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.9:*:*:*:*:*:*:*
47
reference_url https://blog.phusion.nl/2015/12/07/cve-2015-7519/
reference_id CVE-2015-7519
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements
url https://blog.phusion.nl/2015/12/07/cve-2015-7519/
fixed_packages
0
url pkg:gem/passenger@4.0.60
purl pkg:gem/passenger@4.0.60
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-e99s-zs31-c3cn
1
vulnerability VCID-fhu6-3k8p-aub2
2
vulnerability VCID-z5g4-xxf6-vbbh
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/passenger@4.0.60
1
url pkg:gem/passenger@5.0.22
purl pkg:gem/passenger@5.0.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-e99s-zs31-c3cn
1
vulnerability VCID-fhu6-3k8p-aub2
2
vulnerability VCID-z5g4-xxf6-vbbh
3
vulnerability VCID-zwgu-5146-t7h5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/passenger@5.0.22
aliases CVE-2015-7519, GHSA-fxwv-953p-7qpf
risk_score 1.9
exploitability 0.5
weighted_severity 3.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ge31-t14g-e3bb
4
url VCID-gjey-tb5m-gygf
vulnerability_id VCID-gjey-tb5m-gygf
summary
Instance Directory Creation Symlink Arbitrary File Overwrite
The Passenger gem for Ruby creates the server instance directory insecurely. A local attacker can use a symlink attack against the directory to cause the program to unexpectedly overwrite an arbitrary file.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html
1
reference_url http://openwall.com/lists/oss-security/2014/01/28/8
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/01/28/8
2
reference_url http://openwall.com/lists/oss-security/2014/01/30/3
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/01/30/3
3
reference_url http://osvdb.org/show/osvdb/102613
reference_id
reference_type
scores
url http://osvdb.org/show/osvdb/102613
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1831.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1831.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-1831
reference_id
reference_type
scores
0
value 0.00067
scoring_system epss
scoring_elements 0.20511
published_at 2026-04-29T12:55:00Z
1
value 0.00067
scoring_system epss
scoring_elements 0.20781
published_at 2026-04-11T12:55:00Z
2
value 0.00067
scoring_system epss
scoring_elements 0.20738
published_at 2026-04-12T12:55:00Z
3
value 0.00067
scoring_system epss
scoring_elements 0.20686
published_at 2026-04-13T12:55:00Z
4
value 0.00067
scoring_system epss
scoring_elements 0.20672
published_at 2026-04-16T12:55:00Z
5
value 0.00067
scoring_system epss
scoring_elements 0.20668
published_at 2026-04-18T12:55:00Z
6
value 0.00067
scoring_system epss
scoring_elements 0.20659
published_at 2026-04-21T12:55:00Z
7
value 0.00067
scoring_system epss
scoring_elements 0.20547
published_at 2026-04-24T12:55:00Z
8
value 0.00067
scoring_system epss
scoring_elements 0.20543
published_at 2026-04-26T12:55:00Z
9
value 0.00067
scoring_system epss
scoring_elements 0.20711
published_at 2026-04-01T12:55:00Z
10
value 0.00067
scoring_system epss
scoring_elements 0.20854
published_at 2026-04-02T12:55:00Z
11
value 0.00067
scoring_system epss
scoring_elements 0.20912
published_at 2026-04-04T12:55:00Z
12
value 0.00067
scoring_system epss
scoring_elements 0.20626
published_at 2026-04-07T12:55:00Z
13
value 0.00067
scoring_system epss
scoring_elements 0.20702
published_at 2026-04-08T12:55:00Z
14
value 0.00067
scoring_system epss
scoring_elements 0.20763
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-1831
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1058992
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1058992
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1831
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1831
9
reference_url https://github.com/advisories/GHSA-c7j7-p5jq-26ff
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-c7j7-p5jq-26ff
10
reference_url https://github.com/phusion/passenger
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger
11
reference_url https://github.com/phusion/passenger/commit/34b1087870c2
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger/commit/34b1087870c2
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2014-1831.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2014-1831.yml
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-1831
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-1831
fixed_packages
0
url pkg:gem/passenger@4.0.33
purl pkg:gem/passenger@4.0.33
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-e99s-zs31-c3cn
1
vulnerability VCID-fhu6-3k8p-aub2
2
vulnerability VCID-ge31-t14g-e3bb
3
vulnerability VCID-gjey-tb5m-gygf
4
vulnerability VCID-nxqg-9ste-cycv
5
vulnerability VCID-z5g4-xxf6-vbbh
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/passenger@4.0.33
1
url pkg:gem/passenger@4.0.38
purl pkg:gem/passenger@4.0.38
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-e99s-zs31-c3cn
1
vulnerability VCID-fhu6-3k8p-aub2
2
vulnerability VCID-ge31-t14g-e3bb
3
vulnerability VCID-z5g4-xxf6-vbbh
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/passenger@4.0.38
aliases CVE-2014-1831, GHSA-c7j7-p5jq-26ff
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gjey-tb5m-gygf
5
url VCID-kxtc-uenz-eycy
vulnerability_id VCID-kxtc-uenz-eycy
summary
Incorrect temporary file usage
The passenger Ruby gem, when used in standalone mode, does not use temporary files securely. If a local attacker were able to create a temporary directory that passenger uses and supply a custom nginx configuration file, they could start an nginx instance with their own configuration file.
references
0
reference_url http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released
1
reference_url http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/
reference_id
reference_type
scores
url http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/
2
reference_url http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released
3
reference_url http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/
reference_id
reference_type
scores
url http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/
4
reference_url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2119
reference_id
reference_type
scores
url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2119
5
reference_url http://rhn.redhat.com/errata/RHSA-2013-1136.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1136.html
6
reference_url https://access.redhat.com/errata/RHSA-2013:1136
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2013:1136
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2119.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2119.json
8
reference_url https://access.redhat.com/security/cve/CVE-2013-2119
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2013-2119
9
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2119
reference_id
reference_type
scores
0
value 0.00056
scoring_system epss
scoring_elements 0.17302
published_at 2026-04-29T12:55:00Z
1
value 0.00056
scoring_system epss
scoring_elements 0.17439
published_at 2026-04-16T12:55:00Z
2
value 0.00056
scoring_system epss
scoring_elements 0.17449
published_at 2026-04-18T12:55:00Z
3
value 0.00056
scoring_system epss
scoring_elements 0.17483
published_at 2026-04-21T12:55:00Z
4
value 0.00056
scoring_system epss
scoring_elements 0.17392
published_at 2026-04-24T12:55:00Z
5
value 0.00056
scoring_system epss
scoring_elements 0.17369
published_at 2026-04-26T12:55:00Z
6
value 0.00056
scoring_system epss
scoring_elements 0.17499
published_at 2026-04-01T12:55:00Z
7
value 0.00056
scoring_system epss
scoring_elements 0.17662
published_at 2026-04-02T12:55:00Z
8
value 0.00056
scoring_system epss
scoring_elements 0.17708
published_at 2026-04-04T12:55:00Z
9
value 0.00056
scoring_system epss
scoring_elements 0.17429
published_at 2026-04-07T12:55:00Z
10
value 0.00056
scoring_system epss
scoring_elements 0.17521
published_at 2026-04-08T12:55:00Z
11
value 0.00056
scoring_system epss
scoring_elements 0.17582
published_at 2026-04-09T12:55:00Z
12
value 0.00056
scoring_system epss
scoring_elements 0.17596
published_at 2026-04-11T12:55:00Z
13
value 0.00056
scoring_system epss
scoring_elements 0.17549
published_at 2026-04-12T12:55:00Z
14
value 0.00056
scoring_system epss
scoring_elements 0.17496
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2119
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=892813
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=892813
11
reference_url https://github.com/advisories/GHSA-9qj7-jvg4-qr2x
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-9qj7-jvg4-qr2x
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2013-2119.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2013-2119.yml
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2119
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-2119
fixed_packages
0
url pkg:gem/passenger@3.0.21
purl pkg:gem/passenger@3.0.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4agx-j827-hbex
1
vulnerability VCID-e99s-zs31-c3cn
2
vulnerability VCID-fhu6-3k8p-aub2
3
vulnerability VCID-ge31-t14g-e3bb
4
vulnerability VCID-gjey-tb5m-gygf
5
vulnerability VCID-nxqg-9ste-cycv
6
vulnerability VCID-z5g4-xxf6-vbbh
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/passenger@3.0.21
1
url pkg:gem/passenger@4.0.5
purl pkg:gem/passenger@4.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4agx-j827-hbex
1
vulnerability VCID-e99s-zs31-c3cn
2
vulnerability VCID-fhu6-3k8p-aub2
3
vulnerability VCID-ge31-t14g-e3bb
4
vulnerability VCID-gjey-tb5m-gygf
5
vulnerability VCID-nxqg-9ste-cycv
6
vulnerability VCID-z5g4-xxf6-vbbh
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/passenger@4.0.5
aliases CVE-2013-2119, GHSA-9qj7-jvg4-qr2x, OSV-93752
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kxtc-uenz-eycy
6
url VCID-nxqg-9ste-cycv
vulnerability_id VCID-nxqg-9ste-cycv
summary
Server Instance Directory Creation Local Symlink File Overwrite
This package creates the server instance directory insecurely. A local attacker can use a symlink attack against the directory to cause the program to unexpectedly overwrite an arbitrary file.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html
1
reference_url http://openwall.com/lists/oss-security/2014/01/29/6
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/01/29/6
2
reference_url http://openwall.com/lists/oss-security/2014/01/30/3
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/01/30/3
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1832.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1832.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-1832
reference_id
reference_type
scores
0
value 0.00067
scoring_system epss
scoring_elements 0.20511
published_at 2026-04-29T12:55:00Z
1
value 0.00067
scoring_system epss
scoring_elements 0.20781
published_at 2026-04-11T12:55:00Z
2
value 0.00067
scoring_system epss
scoring_elements 0.20738
published_at 2026-04-12T12:55:00Z
3
value 0.00067
scoring_system epss
scoring_elements 0.20686
published_at 2026-04-13T12:55:00Z
4
value 0.00067
scoring_system epss
scoring_elements 0.20672
published_at 2026-04-16T12:55:00Z
5
value 0.00067
scoring_system epss
scoring_elements 0.20668
published_at 2026-04-18T12:55:00Z
6
value 0.00067
scoring_system epss
scoring_elements 0.20659
published_at 2026-04-21T12:55:00Z
7
value 0.00067
scoring_system epss
scoring_elements 0.20547
published_at 2026-04-24T12:55:00Z
8
value 0.00067
scoring_system epss
scoring_elements 0.20543
published_at 2026-04-26T12:55:00Z
9
value 0.00067
scoring_system epss
scoring_elements 0.20711
published_at 2026-04-01T12:55:00Z
10
value 0.00067
scoring_system epss
scoring_elements 0.20854
published_at 2026-04-02T12:55:00Z
11
value 0.00067
scoring_system epss
scoring_elements 0.20912
published_at 2026-04-04T12:55:00Z
12
value 0.00067
scoring_system epss
scoring_elements 0.20626
published_at 2026-04-07T12:55:00Z
13
value 0.00067
scoring_system epss
scoring_elements 0.20702
published_at 2026-04-08T12:55:00Z
14
value 0.00067
scoring_system epss
scoring_elements 0.20763
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-1832
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1058992
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1058992
7
reference_url https://github.com/advisories/GHSA-qw8w-2xcp-xg59
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-qw8w-2xcp-xg59
8
reference_url https://github.com/phusion/passenger
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger
9
reference_url https://github.com/phusion/passenger/commit/34b1087870c2bf85ebfd72c30b78577e10ab9744
reference_id
reference_type
scores
url https://github.com/phusion/passenger/commit/34b1087870c2bf85ebfd72c30b78577e10ab9744
10
reference_url https://github.com/phusion/passenger/commit/94428057c602da3d6d34ef75c78091066ecac5c0
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger/commit/94428057c602da3d6d34ef75c78091066ecac5c0
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2014-1832.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2014-1832.yml
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-1832
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-1832
fixed_packages
0
url pkg:gem/passenger@4.0.38
purl pkg:gem/passenger@4.0.38
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-e99s-zs31-c3cn
1
vulnerability VCID-fhu6-3k8p-aub2
2
vulnerability VCID-ge31-t14g-e3bb
3
vulnerability VCID-z5g4-xxf6-vbbh
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/passenger@4.0.38
aliases CVE-2014-1832, GHSA-qw8w-2xcp-xg59, OSV-102613
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nxqg-9ste-cycv
7
url VCID-z5g4-xxf6-vbbh
vulnerability_id VCID-z5g4-xxf6-vbbh
summary
Incorrect Permission Assignment for Critical Resource
An issue was discovered in Phusion Passenger. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12615.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12615.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-12615
reference_id
reference_type
scores
0
value 0.00198
scoring_system epss
scoring_elements 0.41682
published_at 2026-04-29T12:55:00Z
1
value 0.00198
scoring_system epss
scoring_elements 0.41761
published_at 2026-04-26T12:55:00Z
2
value 0.00198
scoring_system epss
scoring_elements 0.4176
published_at 2026-04-24T12:55:00Z
3
value 0.00198
scoring_system epss
scoring_elements 0.41833
published_at 2026-04-21T12:55:00Z
4
value 0.00198
scoring_system epss
scoring_elements 0.41905
published_at 2026-04-18T12:55:00Z
5
value 0.00198
scoring_system epss
scoring_elements 0.41932
published_at 2026-04-16T12:55:00Z
6
value 0.00198
scoring_system epss
scoring_elements 0.41882
published_at 2026-04-13T12:55:00Z
7
value 0.00198
scoring_system epss
scoring_elements 0.41894
published_at 2026-04-12T12:55:00Z
8
value 0.00198
scoring_system epss
scoring_elements 0.41825
published_at 2026-04-01T12:55:00Z
9
value 0.00198
scoring_system epss
scoring_elements 0.4193
published_at 2026-04-11T12:55:00Z
10
value 0.00198
scoring_system epss
scoring_elements 0.41906
published_at 2026-04-09T12:55:00Z
11
value 0.00198
scoring_system epss
scoring_elements 0.4189
published_at 2026-04-02T12:55:00Z
12
value 0.00198
scoring_system epss
scoring_elements 0.41895
published_at 2026-04-08T12:55:00Z
13
value 0.00198
scoring_system epss
scoring_elements 0.41846
published_at 2026-04-07T12:55:00Z
14
value 0.00198
scoring_system epss
scoring_elements 0.41918
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-12615
2
reference_url https://github.com/phusion/passenger
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger
3
reference_url https://github.com/phusion/passenger/commit/4e97fdb86d0a0141ec9a052c6e691fcd07bb45c8
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger/commit/4e97fdb86d0a0141ec9a052c6e691fcd07bb45c8
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12615.yml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12615.yml
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1594361
reference_id 1594361
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1594361
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-12615
reference_id CVE-2018-12615
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-12615
8
reference_url https://github.com/advisories/GHSA-4284-jfhc-f854
reference_id GHSA-4284-jfhc-f854
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4284-jfhc-f854
fixed_packages
0
url pkg:gem/passenger@5.3.2
purl pkg:gem/passenger@5.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/passenger@5.3.2
aliases CVE-2018-12615, GHSA-4284-jfhc-f854
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z5g4-xxf6-vbbh
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/passenger@3.0.9