Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/passenger@5.3.1
Typegem
Namespace
Namepassenger
Version5.3.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.3.2
Latest_non_vulnerable_version6.0.26
Affected_by_vulnerabilities
0
url VCID-a91w-ppku-ebfc
vulnerability_id VCID-a91w-ppku-ebfc
summary 
Information Exposure
Given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not the application's user, then that non-application user can swap that directory with something else, resulting in traffic being redirected to a non-application user's process through an alternative Unix domain socket.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12027.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12027.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-12027
reference_id
reference_type
scores
0
value 0.00275
scoring_system epss
scoring_elements 0.50811
published_at 2026-05-05T12:55:00Z
1
value 0.00275
scoring_system epss
scoring_elements 0.50846
published_at 2026-04-01T12:55:00Z
2
value 0.00275
scoring_system epss
scoring_elements 0.50901
published_at 2026-04-02T12:55:00Z
3
value 0.00275
scoring_system epss
scoring_elements 0.50927
published_at 2026-04-04T12:55:00Z
4
value 0.00275
scoring_system epss
scoring_elements 0.50885
published_at 2026-04-07T12:55:00Z
5
value 0.00275
scoring_system epss
scoring_elements 0.50942
published_at 2026-04-08T12:55:00Z
6
value 0.00275
scoring_system epss
scoring_elements 0.50939
published_at 2026-04-09T12:55:00Z
7
value 0.00275
scoring_system epss
scoring_elements 0.50981
published_at 2026-04-16T12:55:00Z
8
value 0.00275
scoring_system epss
scoring_elements 0.5096
published_at 2026-04-12T12:55:00Z
9
value 0.00275
scoring_system epss
scoring_elements 0.50943
published_at 2026-04-13T12:55:00Z
10
value 0.00275
scoring_system epss
scoring_elements 0.50987
published_at 2026-04-18T12:55:00Z
11
value 0.00275
scoring_system epss
scoring_elements 0.50967
published_at 2026-04-21T12:55:00Z
12
value 0.00275
scoring_system epss
scoring_elements 0.50915
published_at 2026-04-24T12:55:00Z
13
value 0.00275
scoring_system epss
scoring_elements 0.50923
published_at 2026-04-26T12:55:00Z
14
value 0.00275
scoring_system epss
scoring_elements 0.50884
published_at 2026-04-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-12027
2
reference_url https://blog.phusion.nl/passenger-5-3-2
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.phusion.nl/passenger-5-3-2
3
reference_url https://github.com/phusion/passenger
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12027.yml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12027.yml
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1592619
reference_id 1592619
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1592619
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-12027
reference_id CVE-2018-12027
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-12027
8
reference_url https://github.com/advisories/GHSA-whfx-877c-5p28
reference_id GHSA-whfx-877c-5p28
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-whfx-877c-5p28
9
reference_url https://security.gentoo.org/glsa/201807-02
reference_id GLSA-201807-02
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201807-02
fixed_packages
0
url pkg:gem/passenger@5.3.2
purl pkg:gem/passenger@5.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/passenger@5.3.2
aliases CVE-2018-12027, GHSA-whfx-877c-5p28
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a91w-ppku-ebfc
1
url VCID-e99s-zs31-c3cn
vulnerability_id VCID-e99s-zs31-c3cn
summary 
Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)
A race condition in the nginx module in Phusion Passenger allows local escalation of privileges when a non-standard `passenger_instance_registry_dir` with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root's crontab file allows privilege escalation.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12029.json
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12029.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-12029
reference_id
reference_type
scores
0
value 0.00099
scoring_system epss
scoring_elements 0.27058
published_at 2026-05-05T12:55:00Z
1
value 0.00099
scoring_system epss
scoring_elements 0.27228
published_at 2026-04-29T12:55:00Z
2
value 0.00099
scoring_system epss
scoring_elements 0.27302
published_at 2026-04-26T12:55:00Z
3
value 0.00099
scoring_system epss
scoring_elements 0.27668
published_at 2026-04-02T12:55:00Z
4
value 0.00099
scoring_system epss
scoring_elements 0.27608
published_at 2026-04-09T12:55:00Z
5
value 0.00099
scoring_system epss
scoring_elements 0.27565
published_at 2026-04-08T12:55:00Z
6
value 0.00099
scoring_system epss
scoring_elements 0.27497
published_at 2026-04-07T12:55:00Z
7
value 0.00099
scoring_system epss
scoring_elements 0.27706
published_at 2026-04-04T12:55:00Z
8
value 0.00099
scoring_system epss
scoring_elements 0.27404
published_at 2026-04-24T12:55:00Z
9
value 0.00099
scoring_system epss
scoring_elements 0.27451
published_at 2026-04-21T12:55:00Z
10
value 0.00099
scoring_system epss
scoring_elements 0.27491
published_at 2026-04-18T12:55:00Z
11
value 0.00099
scoring_system epss
scoring_elements 0.27518
published_at 2026-04-16T12:55:00Z
12
value 0.00099
scoring_system epss
scoring_elements 0.27512
published_at 2026-04-13T12:55:00Z
13
value 0.00099
scoring_system epss
scoring_elements 0.27568
published_at 2026-04-12T12:55:00Z
14
value 0.00099
scoring_system epss
scoring_elements 0.27613
published_at 2026-04-11T12:55:00Z
15
value 0.00099
scoring_system epss
scoring_elements 0.27629
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-12029
2
reference_url https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes
3
reference_url https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3
scoring_elements
url https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
4
reference_url https://blog.phusion.nl/passenger-5-3-2
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.phusion.nl/passenger-5-3-2
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12029
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12029
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12029.yml
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12029.yml
8
reference_url https://lists.debian.org/debian-lts-announce/2018/06/msg00007.html
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/06/msg00007.html
9
reference_url https://pulsesecurity.co.nz/advisories/phusion-passenger-priv-esc
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pulsesecurity.co.nz/advisories/phusion-passenger-priv-esc
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1592612
reference_id 1592612
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1592612
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921767
reference_id 921767
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921767
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-12029
reference_id CVE-2018-12029
reference_type
scores
0
value 4.4
scoring_system cvssv2
scoring_elements AV:L/AC:M/Au:N/C:P/I:P/A:P
1
value 7.0
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-12029
15
reference_url https://github.com/advisories/GHSA-jjcj-fgfm-9g9r
reference_id GHSA-jjcj-fgfm-9g9r
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jjcj-fgfm-9g9r
16
reference_url https://security.gentoo.org/glsa/201807-02
reference_id GLSA-201807-02
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201807-02
17
reference_url https://usn.ubuntu.com/USN-5261-1/
reference_id USN-USN-5261-1
reference_type
scores
url https://usn.ubuntu.com/USN-5261-1/
fixed_packages
0
url pkg:gem/passenger@5.3.2
purl pkg:gem/passenger@5.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/passenger@5.3.2
aliases CVE-2018-12029, GHSA-jjcj-fgfm-9g9r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e99s-zs31-c3cn
2
url VCID-etvv-bvc3-qyan
vulnerability_id VCID-etvv-bvc3-qyan
summary 
Improper Link Resolution Before File Access
During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in turn can result in information disclosure and privilege escalation.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12026.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12026.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-12026
reference_id
reference_type
scores
0
value 0.01123
scoring_system epss
scoring_elements 0.78356
published_at 2026-05-05T12:55:00Z
1
value 0.01123
scoring_system epss
scoring_elements 0.78295
published_at 2026-04-16T12:55:00Z
2
value 0.01123
scoring_system epss
scoring_elements 0.78208
published_at 2026-04-01T12:55:00Z
3
value 0.01123
scoring_system epss
scoring_elements 0.78321
published_at 2026-04-24T12:55:00Z
4
value 0.01123
scoring_system epss
scoring_elements 0.78289
published_at 2026-04-21T12:55:00Z
5
value 0.01123
scoring_system epss
scoring_elements 0.78217
published_at 2026-04-02T12:55:00Z
6
value 0.01123
scoring_system epss
scoring_elements 0.78247
published_at 2026-04-04T12:55:00Z
7
value 0.01123
scoring_system epss
scoring_elements 0.78229
published_at 2026-04-07T12:55:00Z
8
value 0.01123
scoring_system epss
scoring_elements 0.78255
published_at 2026-04-08T12:55:00Z
9
value 0.01123
scoring_system epss
scoring_elements 0.78261
published_at 2026-04-09T12:55:00Z
10
value 0.01123
scoring_system epss
scoring_elements 0.78286
published_at 2026-04-11T12:55:00Z
11
value 0.01123
scoring_system epss
scoring_elements 0.78269
published_at 2026-04-12T12:55:00Z
12
value 0.01123
scoring_system epss
scoring_elements 0.78264
published_at 2026-04-13T12:55:00Z
13
value 0.01123
scoring_system epss
scoring_elements 0.78293
published_at 2026-04-18T12:55:00Z
14
value 0.01123
scoring_system epss
scoring_elements 0.78344
published_at 2026-04-29T12:55:00Z
15
value 0.01123
scoring_system epss
scoring_elements 0.78328
published_at 2026-04-26T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-12026
2
reference_url https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes
3
reference_url https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
url https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
4
reference_url https://blog.phusion.nl/passenger-5-3-2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://blog.phusion.nl/passenger-5-3-2
5
reference_url https://github.com/phusion/passenger
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger
6
reference_url https://github.com/phusion/passenger/commit/fd3717a3cd357aa0e80e1e81d4dc94a1eaf928f1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger/commit/fd3717a3cd357aa0e80e1e81d4dc94a1eaf928f1
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12026.yml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12026.yml
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1592616
reference_id 1592616
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1592616
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-12026
reference_id CVE-2018-12026
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-12026
11
reference_url https://github.com/advisories/GHSA-7cv3-gvmc-8mq5
reference_id GHSA-7cv3-gvmc-8mq5
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7cv3-gvmc-8mq5
12
reference_url https://security.gentoo.org/glsa/201807-02
reference_id GLSA-201807-02
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201807-02
fixed_packages
0
url pkg:gem/passenger@5.3.2
purl pkg:gem/passenger@5.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/passenger@5.3.2
aliases CVE-2018-12026, GHSA-7cv3-gvmc-8mq5
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-etvv-bvc3-qyan
3
url VCID-xn3j-fysa-ybga
vulnerability_id VCID-xn3j-fysa-ybga
summary 
Incorrect Permission Assignment for Critical Resource
An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates an error, it would cause Passenger's process manager to kill said reported arbitrary PID.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12028.json
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12028.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-12028
reference_id
reference_type
scores
0
value 0.00175
scoring_system epss
scoring_elements 0.38546
published_at 2026-05-05T12:55:00Z
1
value 0.00175
scoring_system epss
scoring_elements 0.38668
published_at 2026-04-29T12:55:00Z
2
value 0.00175
scoring_system epss
scoring_elements 0.38757
published_at 2026-04-26T12:55:00Z
3
value 0.00175
scoring_system epss
scoring_elements 0.3878
published_at 2026-04-24T12:55:00Z
4
value 0.00175
scoring_system epss
scoring_elements 0.38988
published_at 2026-04-21T12:55:00Z
5
value 0.00175
scoring_system epss
scoring_elements 0.39023
published_at 2026-04-07T12:55:00Z
6
value 0.00175
scoring_system epss
scoring_elements 0.39106
published_at 2026-04-11T12:55:00Z
7
value 0.00175
scoring_system epss
scoring_elements 0.39094
published_at 2026-04-09T12:55:00Z
8
value 0.00175
scoring_system epss
scoring_elements 0.39085
published_at 2026-04-02T12:55:00Z
9
value 0.00175
scoring_system epss
scoring_elements 0.39105
published_at 2026-04-16T12:55:00Z
10
value 0.00175
scoring_system epss
scoring_elements 0.39079
published_at 2026-04-08T12:55:00Z
11
value 0.00175
scoring_system epss
scoring_elements 0.39075
published_at 2026-04-18T12:55:00Z
12
value 0.00175
scoring_system epss
scoring_elements 0.39049
published_at 2026-04-13T12:55:00Z
13
value 0.00175
scoring_system epss
scoring_elements 0.39069
published_at 2026-04-12T12:55:00Z
14
value 0.00175
scoring_system epss
scoring_elements 0.38897
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-12028
2
reference_url https://blog.phusion.nl/passenger-5-3-2
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements
1
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.phusion.nl/passenger-5-3-2
3
reference_url https://github.com/phusion/passenger
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger
4
reference_url https://github.com/phusion/passenger/commit/1e7c82deb4901c438f583737d8c9f2aac264737c
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger/commit/1e7c82deb4901c438f583737d8c9f2aac264737c
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12028.yml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12028.yml
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1592621
reference_id 1592621
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1592621
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-12028
reference_id CVE-2018-12028
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
1
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-12028
9
reference_url https://github.com/advisories/GHSA-jjhj-8gx7-x836
reference_id GHSA-jjhj-8gx7-x836
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jjhj-8gx7-x836
10
reference_url https://security.gentoo.org/glsa/201807-02
reference_id GLSA-201807-02
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201807-02
fixed_packages
0
url pkg:gem/passenger@5.3.2
purl pkg:gem/passenger@5.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/passenger@5.3.2
aliases CVE-2018-12028, GHSA-jjhj-8gx7-x836
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xn3j-fysa-ybga
4
url VCID-z5g4-xxf6-vbbh
vulnerability_id VCID-z5g4-xxf6-vbbh
summary 
Incorrect Permission Assignment for Critical Resource
An issue was discovered in Phusion Passenger. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12615.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12615.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-12615
reference_id
reference_type
scores
0
value 0.00198
scoring_system epss
scoring_elements 0.41541
published_at 2026-05-05T12:55:00Z
1
value 0.00198
scoring_system epss
scoring_elements 0.41682
published_at 2026-04-29T12:55:00Z
2
value 0.00198
scoring_system epss
scoring_elements 0.41761
published_at 2026-04-26T12:55:00Z
3
value 0.00198
scoring_system epss
scoring_elements 0.4176
published_at 2026-04-24T12:55:00Z
4
value 0.00198
scoring_system epss
scoring_elements 0.41833
published_at 2026-04-21T12:55:00Z
5
value 0.00198
scoring_system epss
scoring_elements 0.41905
published_at 2026-04-18T12:55:00Z
6
value 0.00198
scoring_system epss
scoring_elements 0.41932
published_at 2026-04-16T12:55:00Z
7
value 0.00198
scoring_system epss
scoring_elements 0.41882
published_at 2026-04-13T12:55:00Z
8
value 0.00198
scoring_system epss
scoring_elements 0.41825
published_at 2026-04-01T12:55:00Z
9
value 0.00198
scoring_system epss
scoring_elements 0.41894
published_at 2026-04-12T12:55:00Z
10
value 0.00198
scoring_system epss
scoring_elements 0.4193
published_at 2026-04-11T12:55:00Z
11
value 0.00198
scoring_system epss
scoring_elements 0.4189
published_at 2026-04-02T12:55:00Z
12
value 0.00198
scoring_system epss
scoring_elements 0.41906
published_at 2026-04-09T12:55:00Z
13
value 0.00198
scoring_system epss
scoring_elements 0.41918
published_at 2026-04-04T12:55:00Z
14
value 0.00198
scoring_system epss
scoring_elements 0.41895
published_at 2026-04-08T12:55:00Z
15
value 0.00198
scoring_system epss
scoring_elements 0.41846
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-12615
2
reference_url https://github.com/phusion/passenger
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger
3
reference_url https://github.com/phusion/passenger/commit/4e97fdb86d0a0141ec9a052c6e691fcd07bb45c8
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger/commit/4e97fdb86d0a0141ec9a052c6e691fcd07bb45c8
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12615.yml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12615.yml
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1594361
reference_id 1594361
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1594361
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-12615
reference_id CVE-2018-12615
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-12615
8
reference_url https://github.com/advisories/GHSA-4284-jfhc-f854
reference_id GHSA-4284-jfhc-f854
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4284-jfhc-f854
fixed_packages
0
url pkg:gem/passenger@5.3.2
purl pkg:gem/passenger@5.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/passenger@5.3.2
aliases CVE-2018-12615, GHSA-4284-jfhc-f854
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z5g4-xxf6-vbbh
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/passenger@5.3.1